CVE-2017-7097 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287 — Improper Authentication5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 47.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple IOS

Timeline

PublishedOct 23

Latest updateMay 17

Description

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Mail MessageUI" component. It allows attackers to cause a denial of service (memory corruption) via a crafted image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDapple/iphone_os10.3.3

▶Appleapple/ios11

🔴Vulnerability Details

GHSA

GHSA-jjq8-qc5v-fxgh: An issue was discovered in certain Apple products↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2017-7097: iOS 11↗2017-09-19

▶

Red Hat

kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)↗2017-01-09

▶

💬Community

Bugzilla

CVE-2017-5551 kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)↗2017-01-24

▶