Lucene search
RootSSV:92886HistoryApr 04, 2017 - 12:00 a.m.
MacOS/iOS kernel memory corruption due to bad bounds checking in necp_client_copy_interface(CVE-2017-2473)
2017-04-0400:00:00
Root
www.seebug.org
12
0.003 Low
EPSS
Percentile
68.7%
necp_client_copy_interface contains this code where interface_index is an attacker controlled a uint32_t that: if (interface_index != IFSCOPE_NONE && (int)interface_index <= if_index) { interface = ifindex2ifnet[interface_index]; }
This leads to an interface pointer being read out of bounds. This can lead to kernel memory disclosure and also memory corruption as a lock is taken on the interface object.
tested on MacOS 10.12.3 (16D32) on MacbookAir5,2
Attachment: necp_sign. c
Related
cve
cve
CVE-2017-2473
2017-04-02 01:59:03
nvd
nvd
CVE-2017-2473
2017-04-02 01:59:03
zdt
zdt
prion
prion
Memory corruption
2017-04-02 01:59:00
cvelist
cvelist
CVE-2017-2473
2017-04-02 01:36:00
apple
apple
About the security content of watchOS 3.2
2017-03-27 00:00:00
About the security content of watchOS 3.2 - Apple Support
2017-04-04 03:34:42
About the security content of tvOS 10.2 - Apple Support
2017-06-20 10:43:59
nessus
nessus
Mac OS X 10.x < 10.12.4 Multiple Vulnerabilities
2017-03-31 00:00:00
Apple TV < 10.2 Multiple Vulnerabilities
2017-04-02 00:00:00
Apple TV < 10.2 Multiple Vulnerabilities
2017-04-10 00:00:00
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities (HT207615)
2017-03-31 00:00:00