Lucene search

PRIOn knowledge basePRION:CVE-2017-13849

HistoryNov 13, 2017 - 3:29 a.m.

Design/Logic Flaw

2017-11-1303:29:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON

An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the “CoreText” component. It allows remote attackers to cause a denial of service (application crash) via a crafted text file.

CPENameOperatorVersion
iphone_oslt11.1
tvoslt11.1
watchoslt4.1

Name	Operator	Version
iphone_os	lt	11.1
tvos	lt	11.1
watchos	lt	4.1

References

www.securityfocus.com/bid/101691

www.securitytracker.com/id/1039703

support.apple.com/HT208219

support.apple.com/HT208220

support.apple.com/HT208222

www.exploit-db.com/exploits/43161/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for PRION:CVE-2017-13849