CVE-2017-7130 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents4 sources

Severity

9.8CRITICALNVD

EPSS

1.7%

top 17.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos +4 more

Timeline

PublishedOct 23

Latest updateSep 6

Description

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶NVDapple/tvos10.2.2

▶NVDapple/watchos3.2.3

▶NVDapple/mac_os_x10.12.6

▶Appleapple/tvos11

▶Appleapple/watchos_4

🔴Vulnerability Details

GHSA

GHSA-jgfw-jv7f-rcq8: An issue was discovered in certain Apple products↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2017-7130: macOS High Sierra 10.13↗2017-09-25

▶

Apple

CVE-2017-7130: tvOS 11↗2017-09-19

▶

Apple

CVE-2017-7130: watchOS 4↗2017-09-19

▶

Apple

CVE-2017-7130: iOS 11↗2017-09-19

▶

💬Community

HackerOne

The dashboard is exposed in https://███↗2022-09-06

▶