ID

VAR-201804-1042


CVE

CVE-2017-7167


TITLE

Buffer overflow vulnerability in the ld64 component of Apple Xcode

Trust: 0.8

sources: JVNDB: JVNDB-2017-013145

DESCRIPTION

An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the "ld64" component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source code. Apple Xcode is an integrated development environment that Apple provides to developers. It is mainly used to develop applications for Mac OS X and iOS. ld64 is one of its linker components. A buffer overflow vulnerability exists in the ld64 component of Apple Xcode prior to 9.2.

Trust: 1.71

sources: NVD: CVE-2017-7167 // JVNDB: JVNDB-2017-013145 // VULHUB: VHN-115370

AFFECTED PRODUCTS

vendor: apple, model: xcode, scope: lt, version: 9.2

Trust: 1.0

vendor: apple, model: xcode, scope: lt, version: 9.2 (macOS Sierra 10.12.6 or later)

Trust: 0.8

vendor: apple, model: xcode, scope: eq, version: 2.4.0

Trust: 0.6

vendor: apple, model: xcode, scope: eq, version: 2.3.0

Trust: 0.6

vendor: apple, model: xcode, scope: eq, version: -

Trust: 0.6

vendor: apple, model: xcode, scope: eq, version: 3.1.1

Trust: 0.6

vendor: apple, model: xcode, scope: eq, version: 2.0.0

Trust: 0.6

vendor: apple, model: xcode, scope: eq, version: 3.1

Trust: 0.6

vendor: apple, model: xcode, scope: eq, version: 1.5.0

Trust: 0.6

vendor: apple, model: xcode, scope: eq, version: 2.1.0

Trust: 0.6

vendor: apple, model: xcode, scope: eq, version: 2.2.0

Trust: 0.6

vendor: apple, model: xcode, scope: eq, version: 2.4.1

Trust: 0.6

sources: JVNDB: JVNDB-2017-013145 // CNNVD: CNNVD-201703-825 // NVD: CVE-2017-7167

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7167
value: HIGH

Trust: 1.0

NVD: CVE-2017-7167
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201703-825
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115370
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7167
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115370
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7167
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115370 // JVNDB: JVNDB-2017-013145 // CNNVD: CNNVD-201703-825 // NVD: CVE-2017-7167

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-115370 // JVNDB: JVNDB-2017-013145 // NVD: CVE-2017-7167

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-825

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201703-825

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013145

PATCH

title: HT208456, url: https://support.apple.com/en-us/HT208456

Trust: 0.8

title: HT208456, url: https://support.apple.com/ja-jp/HT208456

Trust: 0.8

sources: JVNDB: JVNDB-2017-013145

EXTERNAL IDS

db: NVD, id: CVE-2017-7167

Trust: 2.5

db: JVNDB, id: JVNDB-2017-013145

Trust: 0.8

db: CNNVD, id: CNNVD-201703-825

Trust: 0.7

db: VULHUB, id: VHN-115370

Trust: 0.1

sources: VULHUB: VHN-115370 // JVNDB: JVNDB-2017-013145 // CNNVD: CNNVD-201703-825 // NVD: CVE-2017-7167

REFERENCES

url: https://support.apple.com/ht208456

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7167

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-7167

Trust: 0.8

sources: VULHUB: VHN-115370 // JVNDB: JVNDB-2017-013145 // CNNVD: CNNVD-201703-825 // NVD: CVE-2017-7167

SOURCES

db: VULHUB, id: VHN-115370
db: JVNDB, id: JVNDB-2017-013145
db: CNNVD, id: CNNVD-201703-825
db: NVD, id: CVE-2017-7167

LAST UPDATE DATE

2024-08-14T14:12:54.241000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-115370, date: 2018-05-04T00:00:00
db: JVNDB, id: JVNDB-2017-013145, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201703-825, date: 2018-04-04T00:00:00
db: NVD, id: CVE-2017-7167, date: 2018-05-04T13:06:55.457

SOURCES RELEASE DATE

db: VULHUB, id: VHN-115370, date: 2018-04-03T00:00:00
db: JVNDB, id: JVNDB-2017-013145, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201703-825, date: 2017-03-20T00:00:00
db: NVD, id: CVE-2017-7167, date: 2018-04-03T06:29:02.530