Lucene search

[email protected]CVE-2015-7015

HistoryOct 23, 2015 - 9:59 p.m.

CVE-2015-7015

2015-10-2321:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-7015

buffer overflow

dns client

apple ios

os x

watchos

security vulnerability

nvd

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

67.9%

JSON

Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client.

CPENameOperatorVersion
apple:iphone_osapple iphone osle9.0.2
apple:watchosapple watchosle2.0.0
apple:mac_os_xapple mac os xle10.11.0

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	le	9.0.2
apple:watchos	apple watchos	le	2.0.0
apple:mac_os_x	apple mac os x	le	10.11.0

References

lists.apple.com/archives/security-announce/2015/Oct/msg00002.html

lists.apple.com/archives/security-announce/2015/Oct/msg00003.html

lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

www.securitytracker.com/id/1033929

support.apple.com/HT205370

support.apple.com/HT205375

support.apple.com/HT205378

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for CVE-2015-7015

prion1 securityvulns6 openvas1 nessus4