9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.3%
mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder version 379.27 and above prior to version 625.41.2 is vulnerable to several buffer overflow vulnerabilities, as well as a null pointer dereference.
CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) - CVE-2015-7987
Improper bounds checking in “GetValueForIPv4Addr()
”, “GetValueForMACAddr()
”, “rfc3110_import()
”, and “CopyNSEC3ResourceRecord()
” functions may allow an attacker to read or write memory.
CWE-476: NULL Pointer Dereference - CVE-2015-7988
Improper input validation in “handle_regservice_request()
” may allow an attacker to execute arbitrary code or cause a denial of service.
Apple has also issued a security advisory for these issues.
mDNSResponder-379.27 and later before mDNSResponder-625.41.2 are vulnerable to both issues. The CVSS score below is based on CVE-2015-7987.
A remote attacker may be able to execute arbitrary code or cause a denial of service on the system running mDNSResponder.
Apply an update
mDNSResponder 625.41.2 has been released to address these issues. Affected users should update as soon as possible.
143335
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: November 03, 2015 Updated: January 27, 2016
Statement Date: January 27, 2016
Affected
We have not received a statement from the vendor.
Android is affected by CVE-2015-7988; fix targeted for next major build of Android (Android N).
Notified: October 16, 2015 Updated: October 23, 2015
Statement Date: October 16, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 22, 2016 Updated: February 15, 2016
Statement Date: February 12, 2016
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 22, 2016 Updated: January 25, 2016
Statement Date: January 23, 2016
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 23, 2015 Updated: October 23, 2015
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 23, 2015 Updated: January 22, 2016
Statement Date: January 22, 2016
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 22, 2016 Updated: January 25, 2016
Statement Date: January 22, 2016
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 22, 2016 Updated: January 25, 2016
Statement Date: January 25, 2016
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 23, 2015 Updated: January 22, 2016
Statement Date: January 22, 2016
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: June 15, 2016 Updated: June 15, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: March 25, 2016 Updated: March 25, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: January 22, 2016 Updated: January 22, 2016
Unknown
We have not received a statement from the vendor.
Notified: March 22, 2016 Updated: March 21, 2016
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
Notified: October 23, 2015 Updated: October 23, 2015
Unknown
We have not received a statement from the vendor.
View all 79 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Temporal | 5.3 | E:POC/RL:OF/RC:C |
Environmental | 4.0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Apple for reporting this issue to us and working with us to coordinate the fix with vendors.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2015-7987, CVE-2015-7988 |
---|---|
Date Public: | 2016-06-20 Date First Published: |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.3%