CVE-2011-3450

2012-02-0218:55:01

CWE-399

apple

web.nvd.nist.gov

apple

mac os x

coreui

cve-2011-3450

security

vulnerability

remote code execution

memory consumption

denial of service

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

High

EPSS

0.005

Percentile

75.9%

JSON

CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.

Affected configurations

Nvd

Node

applemac_os_xMatch10.7.0

applemac_os_xMatch10.7.1

applemac_os_xMatch10.7.2

applemac_os_x_serverMatch10.7.0

applemac_os_x_serverMatch10.7.1

applemac_os_x_serverMatch10.7.2

VendorProductVersionCPE
applemac_os_x10.7.0cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*
applemac_os_x10.7.1cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*
applemac_os_x10.7.2cpe:2.3:o:apple:mac_os_x:10.7.2:*:*:*:*:*:*:*
applemac_os_x_server10.7.0cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*
applemac_os_x_server10.7.1cpe:2.3:o:apple:mac_os_x_server:10.7.1:*:*:*:*:*:*:*
applemac_os_x_server10.7.2cpe:2.3:o:apple:mac_os_x_server:10.7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	10.7.0	cpe:2.3:o:apple:mac_os_x:10.7.0:::::::*
apple	mac_os_x	10.7.1	cpe:2.3:o:apple:mac_os_x:10.7.1:::::::*
apple	mac_os_x	10.7.2	cpe:2.3:o:apple:mac_os_x:10.7.2:::::::*
apple	mac_os_x_server	10.7.0	cpe:2.3:o:apple:mac_os_x_server:10.7.0:::::::*
apple	mac_os_x_server	10.7.1	cpe:2.3:o:apple:mac_os_x_server:10.7.1:::::::*
apple	mac_os_x_server	10.7.2	cpe:2.3:o:apple:mac_os_x_server:10.7.2:::::::*