Lucene search

[email protected]CVE-2015-3798

HistoryAug 17, 2015 - 12:00 a.m.

CVE-2015-3798

2015-08-1700:00:13

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-3798

apple

ios

os x

libc

tre library

arbitrary code execution

denial of service

memory corruption

application crash

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.2%

JSON

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797.

Affected configurations

NVD

Node

appleiphone_osRange≤8.4

Node

applemac_os_xRange≤10.10.4

CPENameOperatorVersion
apple:iphone_osapple iphone osle8.4

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	le	8.4

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

www.securityfocus.com/bid/76343

www.securitytracker.com/id/1033275

code.google.com/p/google-security-research/issues/detail?id=429

support.apple.com/kb/HT205030

support.apple.com/kb/HT205031

www.exploit-db.com/exploits/38262/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.2%

JSON

Related for CVE-2015-3798

cve3 prion3 nvd4 cvelist3 zdt2 nessus6 mageia1 openvas4 fedora3 apple2 securityvulns4