Lucene search

[email protected]CVE-2015-3776

HistoryAug 16, 2015 - 11:59 p.m.

CVE-2015-3776

2015-08-1623:59:49

CWE-119

[email protected]

web.nvd.nist.gov

iokit

apple

ios

os x

cve-2015-3776

code execution

denial of service

memory corruption

application crash

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.5 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.3%

JSON

IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.

Affected configurations

NVD

Node

appleiphone_osRange≤8.4

applemac_os_xRange≤10.10.4

CPENameOperatorVersion
apple:iphone_osapple iphone osle8.4
apple:mac_os_xapple mac os xle10.10.4

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	le	8.4
apple:mac_os_x	apple mac os x	le	10.10.4

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

www.securityfocus.com/bid/76343

www.securitytracker.com/id/1033275

support.apple.com/kb/HT205030

support.apple.com/kb/HT205031

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.5 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.3%

JSON

Related for CVE-2015-3776

cvelist1 nvd1 prion1 apple2 nessus3 securityvulns4