CVE-2017-8248 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

2.4%

top 15.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple IOS Qualcomm INC Telephony +1 more

Timeline

PublishedAug 16

Latest updateMay 14

Description

A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDapple/iphone_os10.3.2

▶CVEListV5qualcomm_inc/telephonyiPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation

▶Appleapple/ios10.3.3

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-jf2j-8329-vqx2: A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation↗2022-05-14

▶

📋Vendor Advisories

Android

CVE-2017-8248: Closed-source component↗2018-12-01

▶

Apple

CVE-2017-8248: iOS 10.3.3↗2017-07-19

▶