ID

VAR-201705-3232


CVE

CVE-2017-2518


TITLE

plural Apple Product SQLite Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2017-003799

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities. An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D.Richard Hipp. A buffer overflow vulnerability exists in the SQLite component of several Apple products. The following products and versions are affected: Apple iOS prior to 10.3.2; macOS Sierra prior to 10.12.5; tvOS prior to 10.2.1; watchOS prior to 3.2.2. CVE-2017-2521: lokihardt of Google Project Zero Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-05-15-2 iOS 10.3.2 iOS 10.3.2 is now available and addresses the following: AVEVideoEncoder Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to gain kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team CoreAudio Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team iBooks Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: A maliciously crafted book may open arbitrary websites without user permission Description: A URL handling issue was addressed through improved state management. CVE-2017-2497: Jun Kokatsu (@shhnjk) iBooks Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with root privileges Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-2017-6981: evi1m0 of YSRC (sec.ly.com) IOSurface Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to gain kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-6979: Adam Donenfeld of Zimperium zLabs Kernel Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed through improved locking. CVE-2017-2501: Ian Beer of Google Project Zero Kernel Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-2507: Ian Beer of Google Project Zero CVE-2017-6987: Patrick Wardle of Synack Notifications Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved memory handling. CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander (OxFEEDFACE), and Joseph Shenton of CoffeeBreakers Safari Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Visiting a maliciously crafted webpage may lead to an application denial of service Description: An issue in Safari's history menu was addressed through improved memory handling. CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc. Security Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Update to the certificate trust policy Description: A certificate validation issue existed in the handling of untrusted certificates. This issue was addressed through improved user handling of trust acceptance. CVE-2017-2498: Andrew Jerman SQLite Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2513: found by OSS-Fuzz SQLite Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2518: found by OSS-Fuzz CVE-2017-2520: found by OSS-Fuzz SQLite Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-2519: found by OSS-Fuzz SQLite Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative TextInput Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Parsing maliciously crafted data may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-2524: Ian Beer of Google Project Zero WebKit Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-2496: Apple CVE-2017-2505: lokihardt of Google Project Zero CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with Trend Microas Zero Day Initiative CVE-2017-2514: lokihardt of Google Project Zero CVE-2017-2515: lokihardt of Google Project Zero CVE-2017-2521: lokihardt of Google Project Zero CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab ( tencent.com) working with Trend Microas Zero Day Initiative CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (tencent.com) working with Trend Microas Zero Day Initiative CVE-2017-2530: Wei Yuan of Baidu Security Lab CVE-2017-2531: lokihardt of Google Project Zero CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative CVE-2017-2547: lokihardt of Google Project Zero, Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day Initiative CVE-2017-6980: lokihardt of Google Project Zero CVE-2017-6984: lokihardt of Google Project Zero WebKit Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of WebKit Editor commands. This issue was addressed with improved state management. CVE-2017-2504: lokihardt of Google Project Zero WebKit Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of WebKit container nodes. This issue was addressed with improved state management. CVE-2017-2508: lokihardt of Google Project Zero WebKit Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of pageshow events. This issue was addressed with improved state management. CVE-2017-2510: lokihardt of Google Project Zero WebKit Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of WebKit cached frames. This issue was addressed with improved state management. CVE-2017-2528: lokihardt of Google Project Zero WebKit Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues with addressed through improved memory handling. CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend Micro's Zero Day Initiative WebKit Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in frame loading. This issue was addressed with improved state management. CVE-2017-2549: lokihardt of Google Project Zero WebKit Web Inspector Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to execute unsigned code Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-2499: George Dan (@theninjaprawn) Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "10.3.2". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIbBAEBCgAGBQJZGd7rAAoJEIOj74w0bLRGS4kP+Lc6slIXsaBr4WUGGX9bn0ej klXxesL3SNerIMYNK3HUnw/8bM3uhsxKcb8I1OC0lFw3xqtxCs2Mt7qDWOvZ8yvy 7eg55Pbx/YVQUV3fSCTRYsGclHFAVNvw7NxgXJEh27Jb+3pLleLzOlepMwhgstxy REEhMVZrjkzQNEXU14r+o7YePowIezfs9pPBYyT/jQk3z5DH/kxIe9J8nP/4yHU3 1Ygvm/VwgXjdMVzR60WY72D/jahVePFK0gjR0omOsYc7KslOirkJ18arf7MI3iC5 yOVs6zvh17nPvQXJr5rbZivMfD5RWB+iTAFtdlT9vReEDgSjizxn/kiwWWeujOzB ORZmk+BZ0NzSR07sMrINeWmqAhgxKT3D7eCslU/BcRtLoIEsFvje+HgUk7gxoA0U xirgc0nKaB2eNrUxw7GFtV0pWq5fNwdZ2HWQvBL9e73up+XDi9TE/xylUzTGx50b SJl/N491dvIE8BmDUTRlkkTE44SQcATppE76CoLj8y/ncva/Os5KgybZt0Hq0zAV HA8yprCh35iTtqn3D4KyN85XJaLBuYn8nAmF0VQ6ixSekmc6e9RY1vqG7yFXTTkb P9TPLHpbuPGeRenvm/WezkJCQJsUQ64UwT07evtXJfHLuWGCfF4pLIkvfSiVaI8G ucaPHZqagilOIk1zNYk= =26IY -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4019-2 June 19, 2019 sqlite3 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in SQLite. Software Description: - sqlite3: C library that implements an SQL database engine Details: USN-4019-1 fixed several vulnerabilities in sqlite3. Original advisory details: It was discovered that SQLite incorrectly handled certain SQL files. (CVE-2017-2518) It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to access sensitive information. An attacker could possibly use this issue to cause a denial of service. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-13685) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: libsqlite3-0 3.8.2-1ubuntu2.2+esm1 sqlite3 3.8.2-1ubuntu2.2+esm1 Ubuntu 12.04 ESM: libsqlite3-0 3.7.9-2ubuntu1.3 sqlite3 3.7.9-2ubuntu1.3 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4019-2 https://usn.ubuntu.com/4019-1 CVE-2016-6153, CVE-2017-10989, CVE-2017-13685, CVE-2017-2518, CVE-2018-20346, CVE-2018-20506, CVE-2019-8457

Trust: 2.43

sources: NVD: CVE-2017-2518 // JVNDB: JVNDB-2017-003799 // BID: 98468 // VULHUB: VHN-110721 // PACKETSTORM: 142506 // PACKETSTORM: 142510 // PACKETSTORM: 142507 // PACKETSTORM: 153354 // PACKETSTORM: 142509

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.4

Trust: 1.4

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.12.5

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:10.3.2

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:10.2.1

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:3.2.2

Trust: 1.0

vendor:applemodel:watchosscope:eqversion:3.2

Trust: 0.9

vendor:applemodel:iosscope:ltversion:10.3.2 (ipad first 4 generation or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3.2 (iphone 5 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3.2 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:10.2.1 (apple tv ( first 4 generation ))

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:3.2.2 (apple watch all models )

Trust: 0.8

vendor:applemodel:tvscope:eqversion:10.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:10.3.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:watchscope:eqversion:0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.4

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.3

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.2

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.1

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10

Trust: 0.3

vendor:applemodel:watchosscope:neversion:3.2.2

Trust: 0.3

vendor:applemodel:tvosscope:neversion:10.2.1

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.5

Trust: 0.3

vendor:applemodel:iosscope:neversion:10.3.2

Trust: 0.3

sources: BID: 98468 // JVNDB: JVNDB-2017-003799 // CNNVD: CNNVD-201705-1003 // NVD: CVE-2017-2518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2518
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2518
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201705-1003
value: CRITICAL

Trust: 0.6

VULHUB: VHN-110721
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2518
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110721
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2518
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110721 // JVNDB: JVNDB-2017-003799 // CNNVD: CNNVD-201705-1003 // NVD: CVE-2017-2518

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-110721 // JVNDB: JVNDB-2017-003799 // NVD: CVE-2017-2518

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1003

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201705-1003

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003799

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:HT207800url:https://support.apple.com/en-us/HT207800

Trust: 0.8

title:HT207801url:https://support.apple.com/en-us/HT207801

Trust: 0.8

title:HT207797url:https://support.apple.com/en-us/HT207797

Trust: 0.8

title:HT207798url:https://support.apple.com/en-us/HT207798

Trust: 0.8

title:HT207797url:https://support.apple.com/ja-jp/HT207797

Trust: 0.8

title:HT207798url:https://support.apple.com/ja-jp/HT207798

Trust: 0.8

title:HT207800url:https://support.apple.com/ja-jp/HT207800

Trust: 0.8

title:HT207801url:https://support.apple.com/ja-jp/HT207801

Trust: 0.8

title:Multiple Apple product SQLite Fix for component buffer error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70479

Trust: 0.6

sources: JVNDB: JVNDB-2017-003799 // CNNVD: CNNVD-201705-1003

EXTERNAL IDS

db:NVDid:CVE-2017-2518

Trust: 3.3

db:BIDid:98468

Trust: 2.0

db:SECTRACKid:1038484

Trust: 1.7

db:JVNid:JVNVU98089541

Trust: 0.8

db:JVNDBid:JVNDB-2017-003799

Trust: 0.8

db:CNNVDid:CNNVD-201705-1003

Trust: 0.7

db:PACKETSTORMid:153354

Trust: 0.7

db:AUSCERTid:ESB-2019.4457

Trust: 0.6

db:AUSCERTid:ESB-2019.2196

Trust: 0.6

db:AUSCERTid:ESB-2021.3221

Trust: 0.6

db:VULHUBid:VHN-110721

Trust: 0.1

db:PACKETSTORMid:142506

Trust: 0.1

db:PACKETSTORMid:142510

Trust: 0.1

db:PACKETSTORMid:142507

Trust: 0.1

db:PACKETSTORMid:142509

Trust: 0.1

sources: VULHUB: VHN-110721 // BID: 98468 // JVNDB: JVNDB-2017-003799 // PACKETSTORM: 142506 // PACKETSTORM: 142510 // PACKETSTORM: 142507 // PACKETSTORM: 153354 // PACKETSTORM: 142509 // CNNVD: CNNVD-201705-1003 // NVD: CVE-2017-2518

REFERENCES

url:http://www.securityfocus.com/bid/98468

Trust: 2.3

url:https://usn.ubuntu.com/4019-1/

Trust: 2.3

url:https://usn.ubuntu.com/4019-2/

Trust: 2.3

url:https://support.apple.com/ht207797

Trust: 1.7

url:https://support.apple.com/ht207798

Trust: 1.7

url:https://support.apple.com/ht207800

Trust: 1.7

url:https://support.apple.com/ht207801

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html

Trust: 1.7

url:http://www.securitytracker.com/id/1038484

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-2518

Trust: 1.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2518

Trust: 0.8

url:http://jvn.jp/vu/jvnvu98089541/index.html

Trust: 0.8

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193050-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-201914227-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/153354/ubuntu-security-notice-usn-4019-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3221

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2196/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4457/

Trust: 0.6

url:https://support.apple.com/kb/ht201222

Trust: 0.4

url:https://gpgtools.org

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-2502

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-2520

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-2519

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-2507

Trust: 0.4

url:https://www.apple.com/support/security/pgp/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-2513

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-2524

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-2501

Trust: 0.4

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/accessibility/tvos/

Trust: 0.3

url:http://www.apple.com/watchos-2/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-2521

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-2497

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-6979

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-6989

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-6987

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-2531

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-2506

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-2504

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-2505

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-2530

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-2525

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-2499

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-2536

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-2515

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-2509

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2542

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2548

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6978

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2516

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2545

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2535

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2533

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2494

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2546

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2537

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2540

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6977

Trust: 0.1

url:https://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2527

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2534

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2512

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2541

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2503

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2514

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2538

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2508

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2526

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2496

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2510

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2495

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-6153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-13685

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20346

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-10989

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8457

Trust: 0.1

url:https://usn.ubuntu.com/4019-2

Trust: 0.1

url:https://usn.ubuntu.com/4019-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6984

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2549

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6980

Trust: 0.1

sources: VULHUB: VHN-110721 // BID: 98468 // JVNDB: JVNDB-2017-003799 // PACKETSTORM: 142506 // PACKETSTORM: 142510 // PACKETSTORM: 142507 // PACKETSTORM: 153354 // PACKETSTORM: 142509 // CNNVD: CNNVD-201705-1003 // NVD: CVE-2017-2518

CREDITS

Ubuntu

Trust: 0.7

sources: PACKETSTORM: 153354 // CNNVD: CNNVD-201705-1003

SOURCES

db:VULHUBid:VHN-110721
db:BIDid:98468
db:JVNDBid:JVNDB-2017-003799
db:PACKETSTORMid:142506
db:PACKETSTORMid:142510
db:PACKETSTORMid:142507
db:PACKETSTORMid:153354
db:PACKETSTORMid:142509
db:CNNVDid:CNNVD-201705-1003
db:NVDid:CVE-2017-2518

LAST UPDATE DATE

2024-11-23T20:35:41.714000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-110721date:2019-10-03T00:00:00
db:BIDid:98468date:2017-05-23T16:28:00
db:JVNDBid:JVNDB-2017-003799date:2017-06-08T00:00:00
db:CNNVDid:CNNVD-201705-1003date:2021-09-27T00:00:00
db:NVDid:CVE-2017-2518date:2024-11-21T03:23:41.803

SOURCES RELEASE DATE

db:VULHUBid:VHN-110721date:2017-05-22T00:00:00
db:BIDid:98468date:2017-05-15T00:00:00
db:JVNDBid:JVNDB-2017-003799date:2017-06-08T00:00:00
db:PACKETSTORMid:142506date:2017-05-15T13:02:22
db:PACKETSTORMid:142510date:2017-05-15T23:23:23
db:PACKETSTORMid:142507date:2017-05-15T14:44:44
db:PACKETSTORMid:153354date:2019-06-19T23:53:26
db:PACKETSTORMid:142509date:2017-05-15T19:32:22
db:CNNVDid:CNNVD-201705-1003date:2017-05-23T00:00:00
db:NVDid:CVE-2017-2518date:2017-05-22T05:29:01.223