CVE-2017-2520Out-of-bounds Write in Apple Iphone OS

CWE-787Out-of-bounds Write11 documents7 sources
Severity
9.8CRITICALNVD
OSV5.9
EPSS
10.6%
top 6.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Ghost Sqlite3Apple Iphone OSApple MAC OS X+3 more
Timeline
PublishedMay 22
Latest updateMay 13

Description

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

NVDapple/tvos< 10.2.1
NVDapple/watchos< 3.2.2
NVDapple/mac_os_x< 10.12.5
NVDapple/iphone_os< 10.3.2
Debianghost/sqlite3< 3.16.2-1+3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

4
GHSA
GHSA-wj7x-vfpp-jppw: An issue was discovered in certain Apple products2022-05-13
OSV
sqlite3 vulnerabilities2019-06-19
OSV
CVE-2017-2520: An issue was discovered in certain Apple products2017-05-22
CVEList
CVE-2017-2520: An issue was discovered in certain Apple products2017-05-22

📋Vendor Advisories

6
Ubuntu
SQLite vulnerabilities2019-06-19
Apple
CVE-2017-2520: iOS 10.3.22017-05-15
Apple
CVE-2017-2520: macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite2017-05-15
Apple
CVE-2017-2520: tvOS 10.2.12017-05-15
Apple
CVE-2017-2520: watchOS 3.2.22017-05-15
CVE-2017-2520 — Out-of-bounds Write in Apple Iphone OS | cvebase