CVE-2013-3955
Summary
| CVE | CVE-2013-3955 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-06-05 14:39:00 UTC |
| Updated | 2013-10-11 03:53:00 UTC |
| Description | The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Apple | Ipad | All | All | All | All |
| Hardware | Apple | Ipad2 | - | All | All | All |
| Hardware | Apple | Ipad Mini | - | All | All | All |
| Operating System | Apple | Iphone Os | 5.0 | All | All | All |
| Operating System | Apple | Iphone Os | 5.0.1 | All | All | All |
| Operating System | Apple | Iphone Os | 5.1 | All | All | All |
| Operating System | Apple | Iphone Os | 5.1.1 | All | All | All |
| Operating System | Apple | Iphone Os | 6.0 | All | All | All |
| Operating System | Apple | Iphone Os | 6.0.1 | All | All | All |
| Operating System | Apple | Iphone Os | 6.0.2 | All | All | All |
| Operating System | Apple | Iphone Os | 6.1 | All | All | All |
| Operating System | Apple | Iphone Os | 6.1.2 | All | All | All |
| Operating System | Apple | Iphone Os | 6.1.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About the security content of iOS 7 | CONFIRM | support.apple.com | |
| SyScan'14 Singapore - Day 2 (4th April 2014) | MISC | www.syscan.org | |
| 404 - Not Found | MISC | antid0te.com | Exploit |
| Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | |
| APPLE-SA-2013-09-18-2 iOS 7 | APPLE | lists.apple.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.