CVE-2012-6702 in iTunes
摘要 (英语)
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
预定
2016-06-03
披露
2016-06-16
状态
已确认
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 99037 | Apple iTunes Expat 弱加密 | 310 | 未定义 | 官方修复 | CVE-2012-6702 |
| 93485 | Google Android Expat 弱加密 | 310 | 未定义 | 官方修复 | CVE-2012-6702 |
| 87972 | expat srand 弱加密 | 310 | 未定义 | 官方修复 | CVE-2012-6702 |