Veracode Vulnerability DatabaseVERACODE:3367Exposure Of Kernel Memory Layout Information
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
NetworkExtension is vulnerable to exposure of the kernel memory layout. The vulnerability is possible because it does not handle the uninitialized memory issue. Therefore, when the memory is not initialized properly, attackers can get sensitive kernel memory layout information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| networkextension | eq | 1.0.0 |
References
lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
www.securityfocus.com/bid/76764
www.securitytracker.com/id/1033609
lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
security-tracker.debian.org/tracker/CVE-2015-5831
support.apple.com/HT205212
support.apple.com/HT205267
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N