cvelistv5 - CVE-2012-2619

CVE-2012-2619 (GCVE-0-2012-2619)

Vulnerability from cvelistv5

Published

2012-11-14 11:00

Modified

2024-08-06 19:42

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html
cve@mitre.org	http://support.apple.com/kb/HT5642
cve@mitre.org	http://support.apple.com/kb/HT5643
cve@mitre.org	http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329	Exploit
cve@mitre.org	http://www.kb.cert.org/vuls/id/160027	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5642
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5643
af854a3a-2127-422b-91ae-364da2661108	http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/160027	US Government Resource

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:42:30.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2013-01-28-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5642"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329"
          },
          {
            "name": "VU#160027",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/160027"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5643"
          },
          {
            "name": "APPLE-SA-2013-01-28-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-01-30T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "APPLE-SA-2013-01-28-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5642"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329"
        },
        {
          "name": "VU#160027",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/160027"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5643"
        },
        {
          "name": "APPLE-SA-2013-01-28-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2619",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2013-01-28-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5642",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5642"
            },
            {
              "name": "http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329"
            },
            {
              "name": "VU#160027",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/160027"
            },
            {
              "name": "http://support.apple.com/kb/HT5643",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5643"
            },
            {
              "name": "APPLE-SA-2013-01-28-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-2619",
    "datePublished": "2012-11-14T11:00:00",
    "dateReserved": "2012-05-10T00:00:00",
    "dateUpdated": "2024-08-06T19:42:30.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-2619\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-11-14T12:30:58.740\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.\"},{\"lang\":\"es\",\"value\":\"Los chips Wi-Fi Broadcom BCM4325 y BCM4329, tal y como se utiliza en ciertos productos Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung y Sony, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de limites y corte de Wi-Fi) a trav\u00e9s de un elemento de informaci\u00f3n 802.11i RSN.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:broadcom:bcm4325:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA4163F3-10B5-40E7-9561-84C33356181A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:broadcom:bcm4329:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5172ED34-F2F8-4803-A3D8-AF827262CE35\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0.2\",\"matchCriteriaId\":\"0FD52712-0484-421B-A5DD-2CF0B4C027BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEE0068D-C699-4646-9658-610409925A79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87C215DD-BC98-4283-BF13-69556EF7CB78\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT5642\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT5643\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/160027\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT5642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT5643\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/160027\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]}]}}"
  }
}

gsd-2012-2619

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2012-2619

Aliases

CVE-2012-2619

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2619",
    "description": "The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.",
    "id": "GSD-2012-2619",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2012-2619"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2619"
      ],
      "details": "The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.",
      "id": "GSD-2012-2619",
      "modified": "2023-12-13T01:20:15.731432Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-2619",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2013-01-28-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT5642",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT5642"
          },
          {
            "name": "http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329",
            "refsource": "MISC",
            "url": "http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329"
          },
          {
            "name": "VU#160027",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/160027"
          },
          {
            "name": "http://support.apple.com/kb/HT5643",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT5643"
          },
          {
            "name": "APPLE-SA-2013-01-28-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:broadcom:bcm4325:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:broadcom:bcm4329:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2619"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#160027",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/160027"
            },
            {
              "name": "http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329"
            },
            {
              "name": "APPLE-SA-2013-01-28-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html"
            },
            {
              "name": "APPLE-SA-2013-01-28-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5642",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT5642"
            },
            {
              "name": "http://support.apple.com/kb/HT5643",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT5643"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-02-05T05:00Z",
      "publishedDate": "2012-11-14T12:30Z"
    }
  }
}

ghsa-cw66-q853-7m23

Vulnerability from github

Published

2022-05-17 05:15

Modified

2022-05-17 05:15

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2619"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-11-14T12:30:00Z",
    "severity": "HIGH"
  },
  "details": "The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.",
  "id": "GHSA-cw66-q853-7m23",
  "modified": "2022-05-17T05:15:50Z",
  "published": "2022-05-17T05:15:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2619"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5642"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5643"
    },
    {
      "type": "WEB",
      "url": "http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/160027"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2013-AVI-076

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple TV. Certaines d'entre elles permettent à un attaquant une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à Apple TV 5.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HT5643 du 28 janvier 2013	None	vendor-advisory
Bulletin de sécurité Apple HT5643 du 28 janvier 2013 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 Apple TV 5.2\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0964"
    },
    {
      "name": "CVE-2012-2619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2619"
    }
  ],
  "initial_release_date": "2013-01-30T00:00:00",
  "last_revision_date": "2013-01-30T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5643 du 28 janvier 2013 :",
      "url": "http://support.apple.com/kb/HT5643"
    }
  ],
  "reference": "CERTA-2013-AVI-076",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-01-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple TV\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple TV",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HT5643 du 28 janvier 2013",
      "url": null
    }
  ]
}

CERTA-2013-AVI-075

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple iOS. Certaines d'entre elles permettent à un attaquant d'exécuter du code arbitraire à distance au moyen de pages Web spécialement conçues.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iOS versions antérieures à 6.1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT5642 du 28 janvier 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple iOS versions ant\u00e9rieures \u00e0 6.1\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3607"
    },
    {
      "name": "CVE-2013-0956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0956"
    },
    {
      "name": "CVE-2013-0949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0949"
    },
    {
      "name": "CVE-2012-3701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3701"
    },
    {
      "name": "CVE-2013-0963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0963"
    },
    {
      "name": "CVE-2013-0974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0974"
    },
    {
      "name": "CVE-2013-0952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0952"
    },
    {
      "name": "CVE-2013-0953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0953"
    },
    {
      "name": "CVE-2013-0954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0954"
    },
    {
      "name": "CVE-2012-2824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2824"
    },
    {
      "name": "CVE-2013-0950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0950"
    },
    {
      "name": "CVE-2012-3606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3606"
    },
    {
      "name": "CVE-2013-0959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0959"
    },
    {
      "name": "CVE-2012-2889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2889"
    },
    {
      "name": "CVE-2013-0962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0962"
    },
    {
      "name": "CVE-2011-3058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3058"
    },
    {
      "name": "CVE-2013-0964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0964"
    },
    {
      "name": "CVE-2013-0955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0955"
    },
    {
      "name": "CVE-2012-2619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2619"
    },
    {
      "name": "CVE-2013-0968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0968"
    },
    {
      "name": "CVE-2013-0958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0958"
    },
    {
      "name": "CVE-2012-3632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3632"
    },
    {
      "name": "CVE-2013-0948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0948"
    },
    {
      "name": "CVE-2012-2857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2857"
    },
    {
      "name": "CVE-2012-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3621"
    },
    {
      "name": "CVE-2012-3687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3687"
    },
    {
      "name": "CVE-2013-0951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0951"
    }
  ],
  "initial_release_date": "2013-01-30T00:00:00",
  "last_revision_date": "2013-01-30T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-075",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-01-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au moyen de pages Web\nsp\u00e9cialement con\u00e7ues.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5642 du 28 janvier 2013",
      "url": "http://support.apple.com/kb/HT5642"
    }
  ]
}

fkie_cve-2012-2619

Vulnerability from fkie_nvd

Published

2012-11-14 12:30

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html
cve@mitre.org	http://support.apple.com/kb/HT5642
cve@mitre.org	http://support.apple.com/kb/HT5643
cve@mitre.org	http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329	Exploit
cve@mitre.org	http://www.kb.cert.org/vuls/id/160027	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5642
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5643
af854a3a-2127-422b-91ae-364da2661108	http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/160027	US Government Resource

Impacted products

Vendor	Product	Version
broadcom	bcm4325	*
broadcom	bcm4329	*
apple	iphone_os	*
apple	iphone_os	6.0
apple	iphone_os	6.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:broadcom:bcm4325:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA4163F3-10B5-40E7-9561-84C33356181A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:broadcom:bcm4329:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5172ED34-F2F8-4803-A3D8-AF827262CE35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FD52712-0484-421B-A5DD-2CF0B4C027BD",
              "versionEndIncluding": "6.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEE0068D-C699-4646-9658-610409925A79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C215DD-BC98-4283-BF13-69556EF7CB78",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element."
    },
    {
      "lang": "es",
      "value": "Los chips Wi-Fi Broadcom BCM4325 y BCM4329, tal y como se utiliza en ciertos productos Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung y Sony, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de limites y corte de Wi-Fi) a trav\u00e9s de un elemento de informaci\u00f3n 802.11i RSN.\r\n"
    }
  ],
  "id": "CVE-2012-2619",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-14T12:30:58.740",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT5642"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT5643"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/160027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/160027"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element. Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Broadcom Multiple products that use wireless chipset made of service disruption (DoS) Vulnerabilities exist. Broadcom Multiple wireless chipset firmware provided by the (DoS) Vulnerabilities exist.Service disruption by a third party (DoS) There is a possibility of being attacked. The BCM4325 and BCM4329 chips are used in a variety of mobile device chips. An attacker can send an RSN (802.11i) information element that can cause the Wi-Fi NIC to stop responding. The following products use BCM4325 and BCM4329 chips: BCM4325 Apple iPhone 3GS Apple iPod 2GHTC Touch Pro 2HTC Droid IncredibleSamsung SpicaAcer LiquidMotorola DevourFord Edge BCM4329Apple iPhone 4Apple iPhone 4 VerizonApple iPod 3GApple iPad Wi-FiApple iPad 3GApple iPad 2Apple Tv 2GMotorola XoomMotorola Droid X2Motorola AtrixSamsung Galaxy TabSamsung Galaxy S 4GSamsung Nexus SSamsung StratosphereSamsung FascinateHTC Nexus OneHTC Evo 4GHTC ThunderBoltHTC Droid Incredible 2LG RevolutionSony Ericsson Xperia PlayPantech BreakoutNokia Lumina 800Kyocera EchoAsus Transformer PrimeMalata ZPad. Broadcom BCM4325 and BCM4329 Wireless Chipsets are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users. Due to the nature of this issue, sensitive information may be obtained. The following Chipsets are vulnerable: BCM4325 BCM4329. Broadcom is the world's leading semiconductor company for wired and wireless communications. Vulnerabilities exist in Chipsets BCM4325 and BCM4329 versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2013-01-28-1 iOS 6.1 Software Update

iOS 6.1 Software Update is now available and addresses the following:

Identity Services Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Authentication relying on certificate-based Apple ID authentication may be bypassed Description: An error handling issue existed in Identity Services. If the user's AppleID certificate failed to validate, the user's AppleID was assumed to be the empty string. If multiple systems belonging to different users enter this state, applications relying on this identity determination may erroneously extend trust. This issue was addressed by ensuring that NULL is returned instead of an empty string. CVE-ID CVE-2013-0963

International Components for Unicode Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A canonicalization issue existed in the handling of the EUC-JP encoding, which could lead to a cross-site scripting attack on EUC-JP encoded websites. This issue was addressed by updating the EUC-JP mapping table. CVE-ID CVE-2011-3058 : Masato Kinugawa

Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user-mode process may be able to access the first page of kernel memory Description: The iOS kernel has checks to validate that the user- mode pointer and length passed to the copyin and copyout functions would not result in a user-mode process being able to directly access kernel memory. The checks were not being used if the length was smaller than one page. This issue was addressed through additional validation of the arguments to copyin and copyout. CVE-ID CVE-2013-0964 : Mark Dowd of Azimuth Security

Security Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Several intermediate CA certificates were mistakenly issued by TURKTRUST. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue was addressed by not allowing the incorrect SSL certificates.

StoreKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: JavaScript may be enabled in Mobile Safari without user interaction Description: If a user disabled JavaScript in Safari Preferences, visiting a site which displayed a Smart App Banner would re-enable JavaScript without warning the user. This issue was addressed by not enabling JavaScript when visiting a site with a Smart App Banner. CVE-ID CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben Madison of BitCloud, Marek Durcek

WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2012-2824 : miaubiz CVE-2012-2857 : Arthur Gerkis CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3621 : Skylined of the Google Chrome Security Team CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3687 : kuzzcc CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0951 : Apple CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the Google Chrome Security Team CVE-2013-0955 : Apple CVE-2013-0956 : Apple Product Security CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2013-0968 : Aaron Nelson

WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Copying and pasting content on a malicious website may lead to a cross-site scripting attack Description: A cross-site scripting issue existed in the handling of content pasted from a different origin. This issue was addressed through additional validation of pasted content. CVE-ID CVE-2013-0962 : Mario Heiderich of Cure53

WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in the handling of frame elements. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-2889 : Sergey Glazunov

WiFi Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation), iPad 2 Impact: A remote attacker on the same WiFi network may be able to temporarily disable WiFi Description: An out of bounds read issue exists in Broadcom's BCM4325 and BCM4329 firmware's handling of 802.11i information elements. This issue was addressed through additional validation of 802.11i information elements. CVE-ID CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "6.1".

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/ glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC 1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4 KI3sdgb6PtpZWuIJ6iZA =J2jv -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201211-0020",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "bcm4325",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "*"
      },
      {
        "model": "bcm4329",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "*"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "htc",
        "version": null
      },
      {
        "model": "bcm4325",
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "bcm4329",
        "scope": null,
        "trust": 0.8,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.1   (ipad 2)"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.1   (iphone 3gs)"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.1   (iphone 4)"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.1   (ipod touch first  4 generation )"
      },
      {
        "model": "bcm4325/bcm4329",
        "scope": null,
        "trust": 0.6,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#160027"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-6066"
      },
      {
        "db": "BID",
        "id": "56184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005120"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201210-545"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2619"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:broadcom:bcm4325",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:broadcom:bcm4329",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005120"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andres Blanco and Matias Eissler",
    "sources": [
      {
        "db": "BID",
        "id": "56184"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201210-545"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2012-2619",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2012-2619",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 6.1,
            "collateralDamagePotential": "NOT DEFINED",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 4.8,
            "exploitability": "PROOF-OF-CONCEPT",
            "exploitabilityScore": 6.5,
            "id": "CVE-2012-2619",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "MEDIUM",
            "targetDistribution": "NOT DEFINED",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vector_string": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-55900",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-2619",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-2619",
            "trust": 0.8,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-2619",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201210-545",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-55900",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#160027"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005120"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201210-545"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2619"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element. Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Broadcom Multiple products that use wireless chipset made of service disruption (DoS) Vulnerabilities exist. Broadcom Multiple wireless chipset firmware provided by the (DoS) Vulnerabilities exist.Service disruption by a third party (DoS) There is a possibility of being attacked. The BCM4325 and BCM4329 chips are used in a variety of mobile device chips. An attacker can send an RSN (802.11i) information element that can cause the Wi-Fi NIC to stop responding. The following products use BCM4325 and BCM4329 chips: BCM4325 Apple iPhone 3GS Apple iPod 2GHTC Touch Pro 2HTC Droid IncredibleSamsung SpicaAcer LiquidMotorola DevourFord Edge BCM4329Apple iPhone 4Apple iPhone 4 VerizonApple iPod 3GApple iPad Wi-FiApple iPad 3GApple iPad 2Apple Tv 2GMotorola XoomMotorola Droid X2Motorola AtrixSamsung Galaxy TabSamsung Galaxy S 4GSamsung Nexus SSamsung StratosphereSamsung FascinateHTC Nexus OneHTC Evo 4GHTC ThunderBoltHTC Droid Incredible 2LG RevolutionSony Ericsson Xperia PlayPantech BreakoutNokia Lumina 800Kyocera EchoAsus Transformer PrimeMalata ZPad. Broadcom BCM4325 and BCM4329 Wireless Chipsets are prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause an affected device to crash,  denying service to legitimate users. Due to the nature of this issue,  sensitive information may be obtained. \nThe following Chipsets are vulnerable:\nBCM4325\nBCM4329. Broadcom is the world\u0027s leading semiconductor company for wired and wireless communications. Vulnerabilities exist in Chipsets BCM4325 and BCM4329 versions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-01-28-1 iOS 6.1 Software Update\n\niOS 6.1 Software Update is now available and addresses the following:\n\nIdentity Services\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Authentication relying on certificate-based Apple ID\nauthentication may be bypassed\nDescription:  An error handling issue existed in Identity Services. \nIf the user\u0027s AppleID certificate failed to validate, the user\u0027s\nAppleID was assumed to be the empty string. If multiple systems\nbelonging to different users enter this state, applications relying\non this identity determination may erroneously extend trust. This\nissue was addressed by ensuring that NULL is returned instead of an\nempty string. \nCVE-ID\nCVE-2013-0963\n\nInternational Components for Unicode\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A canonicalization issue existed in the handling of the\nEUC-JP encoding, which could lead to a cross-site scripting attack on\nEUC-JP encoded websites. This issue was addressed by updating the\nEUC-JP mapping table. \nCVE-ID\nCVE-2011-3058 : Masato Kinugawa\n\nKernel\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  A user-mode process may be able to access the first page of\nkernel memory\nDescription:  The iOS kernel has checks to validate that the user-\nmode pointer and length passed to the copyin and copyout functions\nwould not result in a user-mode process being able to directly access\nkernel memory. The checks were not being used if the length was\nsmaller than one page. This issue was addressed through additional\nvalidation of the arguments to copyin and copyout. \nCVE-ID\nCVE-2013-0964 : Mark Dowd of Azimuth Security\n\nSecurity\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription:  Several intermediate CA certificates were mistakenly\nissued by TURKTRUST. This may allow a man-in-the-middle attacker to\nredirect connections and intercept user credentials or other\nsensitive information. This issue was addressed by not allowing the\nincorrect SSL certificates. \n\nStoreKit\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  JavaScript may be enabled in Mobile Safari without user\ninteraction\nDescription:  If a user disabled JavaScript in Safari Preferences,\nvisiting a site which displayed a Smart App Banner would re-enable\nJavaScript without warning the user. This issue was addressed by not\nenabling JavaScript when visiting a site with a Smart App Banner. \nCVE-ID\nCVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben\nMadison of BitCloud, Marek Durcek\n\nWebKit\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2012-2824 : miaubiz\nCVE-2012-2857 : Arthur Gerkis\nCVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3621 : Skylined of the Google Chrome Security Team\nCVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2012-3687 : kuzzcc\nCVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0951 : Apple\nCVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the\nGoogle Chrome Security Team\nCVE-2013-0955 : Apple\nCVE-2013-0956 : Apple Product Security\nCVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security\nTeam\nCVE-2013-0968 : Aaron Nelson\n\nWebKit\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Copying and pasting content on a malicious website may lead\nto a cross-site scripting attack\nDescription:  A cross-site scripting issue existed in the handling of\ncontent pasted from a different origin. This issue was addressed\nthrough additional validation of pasted content. \nCVE-ID\nCVE-2013-0962 : Mario Heiderich of Cure53\n\nWebKit\nAvailable for:  iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A cross-site scripting issue existed in the handling of\nframe elements. This issue was addressed through improved origin\ntracking. \nCVE-ID\nCVE-2012-2889 : Sergey Glazunov\n\nWiFi\nAvailable for:  iPhone 3GS, iPhone 4, iPod touch (4th generation),\niPad 2\nImpact:  A remote attacker on the same WiFi network may be able to\ntemporarily disable WiFi\nDescription:  An out of bounds read issue exists in Broadcom\u0027s\nBCM4325 and BCM4329 firmware\u0027s handling of 802.11i information\nelements. This issue was addressed through additional validation of\n802.11i information elements. \nCVE-ID\nCVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"6.1\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB\nD0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW\nepxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X\nu/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo\nMZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF\nO5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/\nglLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC\n1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC\nKXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR\nXpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi\nAZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4\nKI3sdgb6PtpZWuIJ6iZA\n=J2jv\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2619"
      },
      {
        "db": "CERT/CC",
        "id": "VU#160027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005120"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-6066"
      },
      {
        "db": "BID",
        "id": "56184"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55900"
      },
      {
        "db": "PACKETSTORM",
        "id": "119897"
      },
      {
        "db": "PACKETSTORM",
        "id": "119898"
      }
    ],
    "trust": 3.42
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.kb.cert.org/vuls/id/160027",
        "trust": 0.8,
        "type": "poc"
      },
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-55900",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#160027"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55900"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#160027",
        "trust": 3.9
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2619",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "56184",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005120",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201210-545",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-6066",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "119898",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "118150",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "22739",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-76537",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-55900",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "119897",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#160027"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-6066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55900"
      },
      {
        "db": "BID",
        "id": "56184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005120"
      },
      {
        "db": "PACKETSTORM",
        "id": "119897"
      },
      {
        "db": "PACKETSTORM",
        "id": "119898"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201210-545"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2619"
      }
    ]
  },
  "id": "VAR-201211-0020",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-6066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55900"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-6066"
      }
    ]
  },
  "last_update_date": "2024-11-23T20:27:41.100000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT5642",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5642"
      },
      {
        "title": "HT5642",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5642?viewlocale=ja_JP"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.broadcom.com/"
      },
      {
        "title": "Broadcom BCM4325 and BCM4329 Wireless Chips Cross-Boundary Read Denial of Service Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/24193"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-6066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005120"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005120"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2619"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/160027"
      },
      {
        "trust": 1.9,
        "url": "http://support.apple.com/kb/ht5642"
      },
      {
        "trust": 1.7,
        "url": "http://www.coresecurity.com/content/broadcom-input-validation-bcm4325-bcm4329"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2013/jan/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2013/jan/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht5643"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2619"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu160027/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2619"
      },
      {
        "trust": 0.6,
        "url": "http://www.kb.cert.org/vuls/id/160027http"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/56184"
      },
      {
        "trust": 0.3,
        "url": "http://www.broadcom.com/products/wireless-lan"
      },
      {
        "trust": 0.2,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2619"
      },
      {
        "trust": 0.2,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0964"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0956"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3687"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3632"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0954"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0955"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0948"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2889"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3621"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0959"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0952"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0958"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3701"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0949"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0962"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0968"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3058"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2857"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0950"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0951"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0974"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2824"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0953"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3606"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0963"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#160027"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-6066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55900"
      },
      {
        "db": "BID",
        "id": "56184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005120"
      },
      {
        "db": "PACKETSTORM",
        "id": "119897"
      },
      {
        "db": "PACKETSTORM",
        "id": "119898"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201210-545"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2619"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#160027"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-6066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55900"
      },
      {
        "db": "BID",
        "id": "56184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005120"
      },
      {
        "db": "PACKETSTORM",
        "id": "119897"
      },
      {
        "db": "PACKETSTORM",
        "id": "119898"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201210-545"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2619"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-10-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#160027"
      },
      {
        "date": "2012-10-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-6066"
      },
      {
        "date": "2012-11-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-55900"
      },
      {
        "date": "2012-10-23T00:00:00",
        "db": "BID",
        "id": "56184"
      },
      {
        "date": "2012-10-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-005120"
      },
      {
        "date": "2013-01-30T02:53:29",
        "db": "PACKETSTORM",
        "id": "119897"
      },
      {
        "date": "2013-01-30T02:58:08",
        "db": "PACKETSTORM",
        "id": "119898"
      },
      {
        "date": "2012-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201210-545"
      },
      {
        "date": "2012-11-14T12:30:58.740000",
        "db": "NVD",
        "id": "CVE-2012-2619"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-01-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#160027"
      },
      {
        "date": "2012-10-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-6066"
      },
      {
        "date": "2013-02-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-55900"
      },
      {
        "date": "2013-01-28T21:10:00",
        "db": "BID",
        "id": "56184"
      },
      {
        "date": "2013-02-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-005120"
      },
      {
        "date": "2012-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201210-545"
      },
      {
        "date": "2024-11-21T01:39:18.613000",
        "db": "NVD",
        "id": "CVE-2012-2619"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201210-545"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Broadcom BCM4325 and BCM4329 wireless chipset denial-of-service vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#160027"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201210-545"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2012-2619 (GCVE-0-2012-2619)

Vulnerability from cvelistv5

gsd-2012-2619

Vulnerability from gsd

ghsa-cw66-q853-7m23

Vulnerability from github

CERTA-2013-AVI-076

Vulnerability from certfr_avis

Solution

CERTA-2013-AVI-075

Vulnerability from certfr_avis

Solution

fkie_cve-2012-2619

Vulnerability from fkie_nvd

var-201211-0020

Vulnerability from variot

Tags

Sightings

Nomenclature