CVE-2017-7000Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input ValidationCWE-399CWE-284Improper Access Control17 documents7 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 30.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Apple Iphone OSApple MAC OS XChromium+6 more
Timeline
PublishedApr 3
Latest updateMay 14

Description

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

NVDapple/mac_os_x< 10.12.5
NVDapple/iphone_os< 10.3.2
Appleapple/ios10.3.2
NVDchromium/chromium< 61.0.3163.79

Also affects: Debian Linux 9.0

🔴Vulnerability Details

2
GHSA
GHSA-2x84-5f93-3cpg: An issue was discovered in certain Apple products2022-05-14
OSV
CVE-2017-7000: An issue was discovered in certain Apple products2018-04-03

📋Vendor Advisories

9
Cisco
Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability2017-11-29
Red Hat
chromium-browser: pointer disclosure in sqlite2017-07-25
Apple
CVE-2017-7000: macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite2017-05-15
Apple
CVE-2017-7000: iOS 10.3.22017-05-15
Cisco
Cisco Nexus 7000 Series Switches Access-Control Filtering Mechanisms Bypass Vulnerability2017-03-15

💬Community

5
Bugzilla
CVE-2017-7000 sqlite: chromium-browser: pointer disclosure in sqlite [fedora-all]2017-08-07
Bugzilla
CVE-2017-7000 sqlite2: chromium-browser: pointer disclosure in sqlite [fedora-all]2017-08-07
Bugzilla
CVE-2017-7000 mingw-sqlite: chromium-browser: pointer disclosure in sqlite [fedora-all]2017-08-07
Bugzilla
chromium: various flaws [fedora-all]2017-07-26
Bugzilla
CVE-2017-7000 chromium-browser: pointer disclosure in sqlite2017-07-26
CVE-2017-7000 — Apple Iphone OS vulnerability | cvebase