Details of VAR-201510-0232

ID

VAR-201510-0232

CVE

CVE-2015-5922

TITLE

Apple OS X and watchOS Used in International Components for Unicode Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-005179

DESCRIPTION

Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. ICU is prone to a remote memory-corruption vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Note: This issue was previously titled 'ICU CVE-2015-5922 Unspecified Security Vulnerability'. The title has been changed to better reflect security impact and the vulnerability information. Both Apple OS X and watchOS are products of Apple (Apple). The former is a dedicated operating system developed for Mac computers. The latter is a smartwatch operating system. International Components for Unicode (ICU) is a Unicode support, software internationalization, globalization C/C++ and Java library. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 2.07

sources: NVD: CVE-2015-5922 // JVNDB: JVNDB-2015-005179 // BID: 76911 // VULHUB: VHN-83883 // VULMON: CVE-2015-5922

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.11	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lte	version:	1.01	Trust: 1.0
vendor:	icu	model:	international components for unicode	scope:	lt	version:	53.1	Trust: 1.0
vendor:	icu	model:	icu	scope:	lt	version:	53.1.0	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	lt	version:	10.6.8 thats all 10.11	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2 (apple watch edition)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2 (apple watch sport)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2 (apple watch)	Trust: 0.8
vendor:	icu	model:	international components for unicode	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	icu	model:	international components for unicode	scope:	eq	version:	2.2	Trust: 0.6
vendor:	icu	model:	international components for unicode	scope:	eq	version:	2.8	Trust: 0.6
vendor:	icu	model:	international components for unicode	scope:	eq	version:	2.1	Trust: 0.6
vendor:	icu	model:	international components for unicode	scope:	eq	version:	3.0	Trust: 0.6
vendor:	icu	model:	international components for unicode	scope:	eq	version:	2.6	Trust: 0.6
vendor:	icu	model:	international components for unicode	scope:	eq	version:	2.6.2	Trust: 0.6
vendor:	icu	model:	international components for unicode	scope:	eq	version:	2.6.1	Trust: 0.6
vendor:	icu	model:	international components for unicode	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	icu	model:	international components for unicode	scope:	eq	version:	1.7	Trust: 0.6
vendor:	esignal	model:	esignal	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.2.20	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 76911 // JVNDB: JVNDB-2015-005179 // CNNVD: CNNVD-201510-120 // NVD: CVE-2015-5922

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5922
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-5922
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201510-120
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-83883
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-5922
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-5922
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-83883
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83883 // VULMON: CVE-2015-5922 // JVNDB: JVNDB-2015-005179 // CNNVD: CNNVD-201510-120 // NVD: CVE-2015-5922

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-5922

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-120

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 76911

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005179

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-30-3 OS X El Capitan 10.11	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Trust: 0.8
title:	APPLE-SA-2015-09-21-1 watchOS 2	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html	Trust: 0.8
title:	HT205213	url:	https://support.apple.com/en-us/HT205213	Trust: 0.8
title:	HT205267	url:	https://support.apple.com/en-us/HT205267	Trust: 0.8
title:	HT205213	url:	http://support.apple.com/ja-jp/HT205213	Trust: 0.8
title:	HT205267	url:	http://support.apple.com/ja-jp/HT205267	Trust: 0.8
title:	Top Page	url:	http://site.icu-project.org/	Trust: 0.8
title:	Apple: OS X El Capitan v10.11	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7	Trust: 0.1

sources: VULMON: CVE-2015-5922 // JVNDB: JVNDB-2015-005179

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5922	Trust: 2.9
db:	BID	id:	76911	Trust: 2.1
db:	SECTRACK	id:	1033703	Trust: 1.8
db:	JVN	id:	JVNVU97220341	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005179	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-120	Trust: 0.7
db:	VULHUB	id:	VHN-83883	Trust: 0.1
db:	VULMON	id:	CVE-2015-5922	Trust: 0.1

sources: VULHUB: VHN-83883 // VULMON: CVE-2015-5922 // BID: 76911 // JVNDB: JVNDB-2015-005179 // CNNVD: CNNVD-201510-120 // NVD: CVE-2015-5922

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00005.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/76911	Trust: 1.8
url:	https://support.apple.com/ht205213	Trust: 1.8
url:	https://support.apple.com/ht205267	Trust: 1.8
url:	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Trust: 1.8
url:	http://www.securitytracker.com/id/1033703	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5922	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97220341/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5922	Trust: 0.8
url:	http://site.icu-project.org/home	Trust: 0.3
url:	https://support.apple.com/en-us/ht205212	Trust: 0.3
url:	https://support.apple.com/en-us/ht205221	Trust: 0.3
url:	https://support.apple.com/en-in/ht205267	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-itunes-cve-2015-5922	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht205267	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=41307	Trust: 0.1

sources: VULHUB: VHN-83883 // VULMON: CVE-2015-5922 // BID: 76911 // JVNDB: JVNDB-2015-005179 // CNNVD: CNNVD-201510-120 // NVD: CVE-2015-5922

CREDITS

Mark Brand of Google Project Zero

Trust: 0.3

sources: BID: 76911

SOURCES

db:	VULHUB	id:	VHN-83883
db:	VULMON	id:	CVE-2015-5922
db:	BID	id:	76911
db:	JVNDB	id:	JVNDB-2015-005179
db:	CNNVD	id:	CNNVD-201510-120
db:	NVD	id:	CVE-2015-5922

LAST UPDATE DATE

2024-11-23T19:30:27.266000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83883	date:	2019-04-23T00:00:00
db:	VULMON	id:	CVE-2015-5922	date:	2019-04-23T00:00:00
db:	BID	id:	76911	date:	2016-07-05T21:38:00
db:	JVNDB	id:	JVNDB-2015-005179	date:	2015-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201510-120	date:	2019-04-24T00:00:00
db:	NVD	id:	CVE-2015-5922	date:	2024-11-21T02:34:08.393

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83883	date:	2015-10-09T00:00:00
db:	VULMON	id:	CVE-2015-5922	date:	2015-10-09T00:00:00
db:	BID	id:	76911	date:	2015-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2015-005179	date:	2015-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201510-120	date:	2015-10-10T00:00:00
db:	NVD	id:	CVE-2015-5922	date:	2015-10-09T05:59:38.640