Apple Xcode up to 8.3.3 ld64 memory corruption


A vulnerability was found in Apple Xcode up to 8.3.3 (Programming Tool Software). It has been rated as critical. Affected by this issue is an unknown function of the component ld64. Upgrading to version 9.0 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 11/19/2019 10:13 AM | 01/14/2021 10:57 AM | 01/14/2021 11:01 AM |
| --- | --- | --- | --- |
| type | Programming Tool Software | Programming Tool Software | Programming Tool Software |
| vendor | Apple | Apple | Apple |
| name | Xcode | Xcode | Xcode |
| version | <=8.3.3 | <=8.3.3 | <=8.3.3 |
| component | ld64 | ld64 | ld64 |
| cwe | 119 (memory corruption) | 119 (memory corruption) | 119 (memory corruption) |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.9 | 5.9 | 5.9 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | M | M | M |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | P | P | P |
| cvss3_meta_basescore | 7.0 | 7.0 | 7.0 |
| cvss3_meta_tempscore | 6.7 | 6.7 | 6.7 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.0 | 6.0 | 6.0 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | L | L | L |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | N | N | N |
| cvss3_nvd_ui | R | R | R |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| advisoryquote | Multiple memory corruption issues were addressed with improved memory handling. | Multiple memory corruption issues were addressed with improved memory handling. | Multiple memory corruption issues were addressed with improved memory handling. |
| date | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) |
| location | Website | Website | Website |
| type | Advisory | Advisory | Advisory |
| url | https://support.apple.com/en-us/HT208103 | https://support.apple.com/en-us/HT208103 | https://support.apple.com/en-us/HT208103 |
| identifier | HT208103 | HT208103 | HT208103 |
| coordination | 1 | 1 | 1 |
| company_name | Tencent | Tencent | Tencent |
| disputed | 0 | 0 | 0 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| name | Upgrade | Upgrade | Upgrade |
| date | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) |
| upgrade_version | 9.0 | 9.0 | 9.0 |
| cve | CVE-2017-7137 | CVE-2017-7137 | CVE-2017-7137 |
| cve_nvd_published | 1508630400 | 1508630400 | 1508630400 |
| securityfocus | 100894 | 100894 | 100894 |
| securityfocus_title | Apple Xcode Multiple Memory Corruption Vulnerabilities | Apple Xcode Multiple Memory Corruption Vulnerabilities | Apple Xcode Multiple Memory Corruption Vulnerabilities |
| nessus_id | 103359 | 103359 | 103359 |
| nessus_name | Apple Xcode < 9.0 Multiple RCE (macOS) | Apple Xcode < 9.0 Multiple RCE (macOS) | Apple Xcode < 9.0 Multiple RCE (macOS) |
| nessus_filename | macosx_xcode_9.nasl | macosx_xcode_9.nasl | macosx_xcode_9.nasl |
| nessus_risk | High | High | High |
| nessus_family | MacOS X Local Security Checks | MacOS X Local Security Checks | MacOS X Local Security Checks |
| nessus_type | local | local | local |
| nessus_date | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) |
| openvas_id | 840987 | 840987 | 840987 |
| openvas_filename | gb_apple_xcode_code_exec_or_dos_vuln_macosx.nasl | gb_apple_xcode_code_exec_or_dos_vuln_macosx.nasl | gb_apple_xcode_code_exec_or_dos_vuln_macosx.nasl |
| openvas_title | Apple Xcode Code Execution or Denial of Service Vulnerabilities | Apple Xcode Code Execution or Denial of Service Vulnerabilities | Apple Xcode Code Execution or Denial of Service Vulnerabilities |
| openvas_family | General | General | General |
| seealso | 107068 107069 107070 107071 107073 107067 107477 | 107068 107069 107070 107071 107073 107067 107477 | 107068 107069 107070 107071 107073 107067 107477 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| 0day_days | 1 | 1 | 1 |
| cvss3_nvd_basescore | 7.8 | 7.8 | 7.8 |
| discoverydate | 1505779200 | 1505779200 | 1505779200 |
| person_nickname | riusksk | riusksk | riusksk |
| confirm_url | https://support.apple.com/HT208103 | https://support.apple.com/HT208103 | https://support.apple.com/HT208103 |
| cve_assigned | 1489708800 | 1489708800 | 1489708800 |
| securityfocus_date | 1505779200 (09/19/2017) | 1505779200 (09/19/2017) | 1505779200 (09/19/2017) |
| securityfocus_class | Input Validation Error | Input Validation Error | Input Validation Error |
| cve_nvd_summary | | An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file. | An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file. |
| sectracker | | 1039386 | 1039386 |
| cvss2_nvd_basescore | | 6.8 | 6.8 |
| person_name | | | riusksk |
