CVE-2017-7066 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 70.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Tvos Apple IOS

Timeline

PublishedApr 3

Latest updateMay 14

Description

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows attackers to cause a denial of service (memory corruption on the Wi-Fi chip) by leveraging proximity for 802.11.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDapple/tvos< 10.2.2

▶Appleapple/tvos10.2.2

▶NVDapple/iphone_os< 10.3.3

▶Appleapple/ios10.3.3

🔴Vulnerability Details

GHSA

GHSA-9r88-8qqh-38r6: An issue was discovered in certain Apple products↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2017-7066: iOS 10.3.3↗2017-07-19

▶

Apple

CVE-2017-7066: tvOS 10.2.2↗2017-07-19

▶

💬Community

Bugzilla

CVE-2016-7066 admin-cli: Any local users can connect to jboss-cli↗2016-12-05

▶