Skip to main content

Libplist CVE-2017-6440

MEDIUM
Improper Input Validation (CWE-20)
2017-03-15 cve@mitre.org
5.0
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 15, 2017 - 14:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file.

AnalysisAI

The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. Affected products include: Libplist Project Libplist.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-6438 HIGH POC
7.3 Mar 15

Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local

CVE-2017-5545 CRITICAL
9.1 Jan 21

The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive informat

CVE-2017-5209 CRITICAL
9.1 Jan 11

The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive inf

CVE-2017-6435 MEDIUM POC
5.0 Mar 15

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of ser

CVE-2017-6436 MEDIUM POC
5.0 Mar 15

The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of ser

CVE-2017-6437 MEDIUM POC
5.0 Mar 15

The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service

CVE-2017-6439 MEDIUM POC
5.0 Mar 15

Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local

CVE-2017-5835 HIGH
7.5 Mar 03

libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offs

CVE-2017-5836 HIGH
7.5 Mar 03

The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors in

CVE-2017-5834 MEDIUM
5.5 Mar 03

The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap r

CVE-2017-7982 MEDIUM
5.5 Apr 20

Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote

Share

CVE-2017-6440 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy