Skip to main content

Libplist CVE-2017-5835

HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2017-03-03 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 03, 2017 - 15:59 cve.org
HIGH 7.5

DescriptionCVE.org

libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.

AnalysisAI

libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Technical ContextAI

This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. Affected products include: Libimobiledevice Libplist.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Set resource limits, implement rate limiting, validate input sizes.

CVE-2017-6438 HIGH POC
7.3 Mar 15

Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local

CVE-2017-5545 CRITICAL
9.1 Jan 21

The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive informat

CVE-2017-5209 CRITICAL
9.1 Jan 11

The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive inf

CVE-2017-6435 MEDIUM POC
5.0 Mar 15

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of ser

CVE-2017-6436 MEDIUM POC
5.0 Mar 15

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of ser

CVE-2017-6437 MEDIUM POC
5.0 Mar 15

The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service

CVE-2017-6440 MEDIUM POC
5.0 Mar 15

The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of servi

CVE-2017-6439 MEDIUM POC
5.0 Mar 15

Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local

CVE-2017-5836 HIGH
7.5 Mar 03

The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors in

CVE-2017-5834 MEDIUM
5.5 Mar 03

The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap r

CVE-2017-7982 MEDIUM
5.5 Apr 20

Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote

Share

CVE-2017-5835 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy