Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-6984Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents7 sources
Severity
8.8HIGHNVD
EPSS
10.3%
top 6.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Apple Iphone OSApple ItunesApple Safari+1 more
Timeline
PublishedMay 22
Latest updateMay 14

Description

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDapple/tvos10.2
NVDapple/itunes12.4.3
NVDapple/safari10.1
NVDapple/iphone_os10.3.1

🔴Vulnerability Details

3
GHSA
GHSA-wrpm-88f6-h7pp: An issue was discovered in certain Apple products2022-05-14
CVEList
CVE-2017-6984: An issue was discovered in certain Apple products2017-05-22
OSV
CVE-2017-6984: An issue was discovered in certain Apple products2017-05-22

💥Exploits & PoCs

1
Exploit-DB
WebKit JSC - 'Intl.getCanonicalLocales' Heap Buffer Overflow2017-06-16

📋Vendor Advisories

5
Apple
CVE-2017-6984: iOS 10.3.22017-05-15
Apple
CVE-2017-6984: tvOS 10.2.12017-05-15
Apple
CVE-2017-6984: Safari 10.1.12017-05-15
Apple
CVE-2017-6984: iTunes 12.6.1 for Windows2017-05-15
Debian
CVE-2017-6984: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.2 is affected...2017
CVE-2017-6984 — Apple Iphone OS vulnerability | cvebase