Lucene search

PRIOn knowledge basePRION:CVE-2014-8611

HistorySep 18, 2015 - 10:59 a.m.

Heap overflow

2015-09-1810:59:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

32.7%

JSON

The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.

CPENameOperatorVersion
iphone_osle8.4.1
mac_os_xle10.10.5
freebsdeq10.1

Name	Operator	Version
iphone_os	le	8.4.1
mac_os_x	le	10.10.5
freebsd	eq	10.1

References

lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

support.apple.com/HT205212

support.apple.com/HT205267

svnweb.freebsd.org/base?view=revision&revision=275665

www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc

7.8 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

32.7%

JSON

Related for PRION:CVE-2014-8611