cvelistv5 - CVE-2013-3950

CVE-2013-3950 (GCVE-0-2013-3950)

Vulnerability from cvelistv5

Published

2013-06-05 10:00

Modified

2024-08-06 16:30

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf	Exploit, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
cve@mitre.org	http://support.apple.com/kb/HT5934
cve@mitre.org	http://www.securitytracker.com/id/1029054
cve@mitre.org	http://www.syscan.org/index.php/sg/program/day/2
af854a3a-2127-422b-91ae-364da2661108	http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5934
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029054
af854a3a-2127-422b-91ae-364da2661108	http://www.syscan.org/index.php/sg/program/day/2

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:30:48.835Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syscan.org/index.php/sg/program/day/2"
          },
          {
            "name": "1029054",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029054"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf"
          },
          {
            "name": "APPLE-SA-2013-10-22-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5934"
          },
          {
            "name": "APPLE-SA-2013-09-18-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-20T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syscan.org/index.php/sg/program/day/2"
        },
        {
          "name": "1029054",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029054"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf"
        },
        {
          "name": "APPLE-SA-2013-10-22-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5934"
        },
        {
          "name": "APPLE-SA-2013-09-18-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3950",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.syscan.org/index.php/sg/program/day/2",
              "refsource": "MISC",
              "url": "http://www.syscan.org/index.php/sg/program/day/2"
            },
            {
              "name": "1029054",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029054"
            },
            {
              "name": "http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf",
              "refsource": "MISC",
              "url": "http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf"
            },
            {
              "name": "APPLE-SA-2013-10-22-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5934",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5934"
            },
            {
              "name": "APPLE-SA-2013-09-18-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-3950",
    "datePublished": "2013-06-05T10:00:00",
    "dateReserved": "2013-06-05T00:00:00",
    "dateUpdated": "2024-08-06T16:30:48.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-3950\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-06-05T14:39:55.880\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n openSharedCacheFile en dyld.cpp en dyld en Apple iOS v5.1.x y v6.x hasta v6.1.3 hace m\u00e1s f\u00e1cil para los atacantes para llevar a cabo ataques untethering a trav\u00e9s de una cadena larga en la variable de entorno DYLD_SHARED_CACHE_DIR.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E78F1F2C-2BFF-4D55-A754-102D6C42081B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0A4AF71-8E71-432A-B908-361DAF99F4B9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEE0068D-C699-4646-9658-610409925A79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87C215DD-BC98-4283-BF13-69556EF7CB78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1C3966E-C136-47A9-B5B4-70613756ED27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22AD2A1F-A637-47DE-A69F-DAE4ABDFA4BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6D398B8-821B-4DE9-ADF1-4983051F964C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0CCE5F2-4D32-404B-BAAC-E64F11BD41FB\"}]}]}],\"references\":[{\"url\":\"http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT5934\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1029054\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.syscan.org/index.php/sg/program/day/2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT5934\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1029054\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.syscan.org/index.php/sg/program/day/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

var-201306-0308

Vulnerability from variot

Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. Successful exploits may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Apple iOS 5.1.x and 6.x through 6.1.3 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201306-0308",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.1.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9"
      },
      {
        "model": "tv",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.0   (apple tv first  2 after generation )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5.1.x"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.0 to  6.1.3"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7   (iphone 4 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7   (ipod touch first  5 after generation )"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "60437"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-090"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3950"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:apple_tv",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002897"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stefan Esser",
    "sources": [
      {
        "db": "BID",
        "id": "60437"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-3950",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-3950",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-63952",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-3950",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-3950",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201306-090",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-63952",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63952"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-090"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3950"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. \nSuccessful exploits may allow an attacker to execute arbitrary code in  the context of the affected application. Failed exploit attempts will  likely result in denial-of-service conditions. \nApple iOS 5.1.x and 6.x through 6.1.3 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-3950"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002897"
      },
      {
        "db": "BID",
        "id": "60437"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63952"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-3950",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1029054",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98681940",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95174988",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002897",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-090",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "60437",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-63952",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63952"
      },
      {
        "db": "BID",
        "id": "60437"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-090"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3950"
      }
    ]
  },
  "id": "VAR-201306-0308",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63952"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:21:22.421000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "iOS 6",
        "trust": 0.8,
        "url": "http://www.apple.com/jp/ios/"
      },
      {
        "title": "APPLE-SA-2013-09-18-2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
      },
      {
        "title": "APPLE-SA-2013-10-22-3",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
      },
      {
        "title": "APPLE-SA-2013-09-20-1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00008.html"
      },
      {
        "title": "HT6011",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6011"
      },
      {
        "title": "HT5934",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5934"
      },
      {
        "title": "HT5935",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5935"
      },
      {
        "title": "HT5934",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5934?viewlocale=ja_JP"
      },
      {
        "title": "HT5935",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5935?viewlocale=ja_JP"
      },
      {
        "title": "HT6011",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6011?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002897"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63952"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002897"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3950"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://antid0te.com/syscan_2013/syscan2013_mountain_lion_ios_vulnerabilities_garage_sale_whitepaper.pdf"
      },
      {
        "trust": 2.5,
        "url": "http://www.syscan.org/index.php/sg/program/day/2"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht5934"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1029054"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3950"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu98681940/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95174988/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3950"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63952"
      },
      {
        "db": "BID",
        "id": "60437"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-090"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3950"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-63952"
      },
      {
        "db": "BID",
        "id": "60437"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-090"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3950"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-06-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63952"
      },
      {
        "date": "2013-04-26T00:00:00",
        "db": "BID",
        "id": "60437"
      },
      {
        "date": "2013-06-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002897"
      },
      {
        "date": "2013-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201306-090"
      },
      {
        "date": "2013-06-05T14:39:55.880000",
        "db": "NVD",
        "id": "CVE-2013-3950"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63952"
      },
      {
        "date": "2015-03-19T08:09:00",
        "db": "BID",
        "id": "60437"
      },
      {
        "date": "2013-11-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002897"
      },
      {
        "date": "2013-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201306-090"
      },
      {
        "date": "2024-11-21T01:54:36.107000",
        "db": "NVD",
        "id": "CVE-2013-3950"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-090"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS of  dyld of  dyld.cpp Vulnerable to stack-based buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002897"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-090"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2013-AVI-541

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple TV. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple TV versions antérieures à 6.0

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT5935 du 19 septembre 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple TV versions ant\u00e9rieures \u00e0 6.0\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0993"
    },
    {
      "name": "CVE-2013-1006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1006"
    },
    {
      "name": "CVE-2012-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
    },
    {
      "name": "CVE-2013-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0998"
    },
    {
      "name": "CVE-2013-1045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1045"
    },
    {
      "name": "CVE-2013-1040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1040"
    },
    {
      "name": "CVE-2013-1047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1047"
    },
    {
      "name": "CVE-2013-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1001"
    },
    {
      "name": "CVE-2013-3954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3954"
    },
    {
      "name": "CVE-2013-1019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1019"
    },
    {
      "name": "CVE-2013-5140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5140"
    },
    {
      "name": "CVE-2013-1005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1005"
    },
    {
      "name": "CVE-2012-2871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
    },
    {
      "name": "CVE-2013-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0992"
    },
    {
      "name": "CVE-2013-1042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1042"
    },
    {
      "name": "CVE-2012-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
    },
    {
      "name": "CVE-2013-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0994"
    },
    {
      "name": "CVE-2013-1010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1010"
    },
    {
      "name": "CVE-2013-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5134"
    },
    {
      "name": "CVE-2013-0879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0879"
    },
    {
      "name": "CVE-2013-1043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1043"
    },
    {
      "name": "CVE-2013-1007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1007"
    },
    {
      "name": "CVE-2013-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0995"
    },
    {
      "name": "CVE-2013-1037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1037"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2013-1025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1025"
    },
    {
      "name": "CVE-2013-0991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0991"
    },
    {
      "name": "CVE-2013-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1000"
    },
    {
      "name": "CVE-2013-5125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5125"
    },
    {
      "name": "CVE-2013-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1044"
    },
    {
      "name": "CVE-2013-1008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1008"
    },
    {
      "name": "CVE-2013-1003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1003"
    },
    {
      "name": "CVE-2013-5128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5128"
    },
    {
      "name": "CVE-2013-1004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1004"
    },
    {
      "name": "CVE-2013-5145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5145"
    },
    {
      "name": "CVE-2013-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2842"
    },
    {
      "name": "CVE-2013-5142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5142"
    },
    {
      "name": "CVE-2013-5126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5126"
    },
    {
      "name": "CVE-2013-1039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1039"
    },
    {
      "name": "CVE-2013-1002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1002"
    },
    {
      "name": "CVE-2013-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0996"
    },
    {
      "name": "CVE-2013-3953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3953"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2013-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0997"
    },
    {
      "name": "CVE-2013-5139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5139"
    },
    {
      "name": "CVE-2013-3950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3950"
    },
    {
      "name": "CVE-2013-1011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1011"
    },
    {
      "name": "CVE-2013-1038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1038"
    },
    {
      "name": "CVE-2013-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0999"
    },
    {
      "name": "CVE-2013-1026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1026"
    },
    {
      "name": "CVE-2013-1046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1046"
    },
    {
      "name": "CVE-2013-5127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5127"
    },
    {
      "name": "CVE-2012-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
    },
    {
      "name": "CVE-2013-5138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5138"
    },
    {
      "name": "CVE-2011-2391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2391"
    },
    {
      "name": "CVE-2013-1041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1041"
    },
    {
      "name": "CVE-2012-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
    }
  ],
  "initial_release_date": "2013-09-23T00:00:00",
  "last_revision_date": "2013-09-23T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-541",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-09-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple TV\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple TV",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5935 du 19 septembre 2013",
      "url": "http://support.apple.com/kb/HT5935"
    }
  ]
}

CERTA-2013-AVI-601

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple OS X Mavericks. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à OS X Mavericks v10.9

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT6011 du 22 octobre 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 OS X Mavericks v10.9\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5188"
    },
    {
      "name": "CVE-2013-4073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4073"
    },
    {
      "name": "CVE-2013-0249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0249"
    },
    {
      "name": "CVE-2013-5190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5190"
    },
    {
      "name": "CVE-2013-1667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1667"
    },
    {
      "name": "CVE-2013-5167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5167"
    },
    {
      "name": "CVE-2013-5172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5172"
    },
    {
      "name": "CVE-2013-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1944"
    },
    {
      "name": "CVE-2013-5182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5182"
    },
    {
      "name": "CVE-2013-5191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5191"
    },
    {
      "name": "CVE-2013-5175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5175"
    },
    {
      "name": "CVE-2013-3954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3954"
    },
    {
      "name": "CVE-2012-1150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1150"
    },
    {
      "name": "CVE-2013-5174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5174"
    },
    {
      "name": "CVE-2013-5186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5186"
    },
    {
      "name": "CVE-2013-5176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5176"
    },
    {
      "name": "CVE-2013-5170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5170"
    },
    {
      "name": "CVE-2012-0876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
    },
    {
      "name": "CVE-2013-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5135"
    },
    {
      "name": "CVE-2013-5187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5187"
    },
    {
      "name": "CVE-2013-5192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5192"
    },
    {
      "name": "CVE-2013-5184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5184"
    },
    {
      "name": "CVE-2012-0845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0845"
    },
    {
      "name": "CVE-2013-5185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5185"
    },
    {
      "name": "CVE-2013-5183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5183"
    },
    {
      "name": "CVE-2013-5168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5168"
    },
    {
      "name": "CVE-2013-5145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5145"
    },
    {
      "name": "CVE-2013-5173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5173"
    },
    {
      "name": "CVE-2013-5142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5142"
    },
    {
      "name": "CVE-2013-5166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5166"
    },
    {
      "name": "CVE-2013-5169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5169"
    },
    {
      "name": "CVE-2013-5189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5189"
    },
    {
      "name": "CVE-2013-5177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5177"
    },
    {
      "name": "CVE-2013-5141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5141"
    },
    {
      "name": "CVE-2013-5139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5139"
    },
    {
      "name": "CVE-2013-3950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3950"
    },
    {
      "name": "CVE-2013-5180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5180"
    },
    {
      "name": "CVE-2013-5171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5171"
    },
    {
      "name": "CVE-2013-5181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5181"
    },
    {
      "name": "CVE-2013-5165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5165"
    },
    {
      "name": "CVE-2011-3427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3427"
    },
    {
      "name": "CVE-2011-4944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4944"
    },
    {
      "name": "CVE-2013-5179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5179"
    },
    {
      "name": "CVE-2013-5138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5138"
    },
    {
      "name": "CVE-2011-2391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2391"
    },
    {
      "name": "CVE-2011-3389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
    },
    {
      "name": "CVE-2013-5178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5178"
    }
  ],
  "initial_release_date": "2013-10-24T00:00:00",
  "last_revision_date": "2013-10-24T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-601",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-10-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X Mavericks\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un\ncontournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X Mavericks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6011 du 22 octobre 2013",
      "url": "http://support.apple.com/kb/HT6011"
    }
  ]
}

CERTA-2013-AVI-536

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple iOS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à iOS 7

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT5934 du 18 septembre 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 iOS 7\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0993"
    },
    {
      "name": "CVE-2013-1006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1006"
    },
    {
      "name": "CVE-2012-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
    },
    {
      "name": "CVE-2013-5129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5129"
    },
    {
      "name": "CVE-2013-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0998"
    },
    {
      "name": "CVE-2013-5150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5150"
    },
    {
      "name": "CVE-2013-1045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1045"
    },
    {
      "name": "CVE-2013-1040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1040"
    },
    {
      "name": "CVE-2013-2848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2848"
    },
    {
      "name": "CVE-2013-1047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1047"
    },
    {
      "name": "CVE-2013-5147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5147"
    },
    {
      "name": "CVE-2013-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1001"
    },
    {
      "name": "CVE-2013-1012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1012"
    },
    {
      "name": "CVE-2013-3954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3954"
    },
    {
      "name": "CVE-2013-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4616"
    },
    {
      "name": "CVE-2013-1019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1019"
    },
    {
      "name": "CVE-2013-5140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5140"
    },
    {
      "name": "CVE-2013-1005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1005"
    },
    {
      "name": "CVE-2012-2871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
    },
    {
      "name": "CVE-2013-5152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5152"
    },
    {
      "name": "CVE-2013-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0992"
    },
    {
      "name": "CVE-2013-1042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1042"
    },
    {
      "name": "CVE-2013-5154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5154"
    },
    {
      "name": "CVE-2012-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
    },
    {
      "name": "CVE-2013-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0994"
    },
    {
      "name": "CVE-2013-1010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1010"
    },
    {
      "name": "CVE-2013-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5134"
    },
    {
      "name": "CVE-2013-0879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0879"
    },
    {
      "name": "CVE-2013-0926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0926"
    },
    {
      "name": "CVE-2013-5157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5157"
    },
    {
      "name": "CVE-2013-5158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5158"
    },
    {
      "name": "CVE-2013-1043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1043"
    },
    {
      "name": "CVE-2013-1007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1007"
    },
    {
      "name": "CVE-2013-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0995"
    },
    {
      "name": "CVE-2013-1037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1037"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2013-1036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1036"
    },
    {
      "name": "CVE-2013-0957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0957"
    },
    {
      "name": "CVE-2013-5153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5153"
    },
    {
      "name": "CVE-2013-1025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1025"
    },
    {
      "name": "CVE-2013-1028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1028"
    },
    {
      "name": "CVE-2013-0991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0991"
    },
    {
      "name": "CVE-2013-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1000"
    },
    {
      "name": "CVE-2013-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5156"
    },
    {
      "name": "CVE-2013-5125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5125"
    },
    {
      "name": "CVE-2013-5159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5159"
    },
    {
      "name": "CVE-2013-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1044"
    },
    {
      "name": "CVE-2013-1008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1008"
    },
    {
      "name": "CVE-2013-1003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1003"
    },
    {
      "name": "CVE-2013-5128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5128"
    },
    {
      "name": "CVE-2013-1004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1004"
    },
    {
      "name": "CVE-2013-5145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5145"
    },
    {
      "name": "CVE-2013-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2842"
    },
    {
      "name": "CVE-2013-5142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5142"
    },
    {
      "name": "CVE-2013-5126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5126"
    },
    {
      "name": "CVE-2013-1039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1039"
    },
    {
      "name": "CVE-2013-1002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1002"
    },
    {
      "name": "CVE-2013-5155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5155"
    },
    {
      "name": "CVE-2013-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0996"
    },
    {
      "name": "CVE-2013-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5131"
    },
    {
      "name": "CVE-2013-3953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3953"
    },
    {
      "name": "CVE-2013-5141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5141"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2013-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0997"
    },
    {
      "name": "CVE-2013-5139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5139"
    },
    {
      "name": "CVE-2013-3950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3950"
    },
    {
      "name": "CVE-2013-1038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1038"
    },
    {
      "name": "CVE-2013-5151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5151"
    },
    {
      "name": "CVE-2013-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0999"
    },
    {
      "name": "CVE-2013-1026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1026"
    },
    {
      "name": "CVE-2013-1046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1046"
    },
    {
      "name": "CVE-2013-3955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3955"
    },
    {
      "name": "CVE-2013-5127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5127"
    },
    {
      "name": "CVE-2012-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
    },
    {
      "name": "CVE-2013-5149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5149"
    },
    {
      "name": "CVE-2013-5138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5138"
    },
    {
      "name": "CVE-2011-2391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2391"
    },
    {
      "name": "CVE-2013-1041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1041"
    },
    {
      "name": "CVE-2012-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
    },
    {
      "name": "CVE-2013-5137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5137"
    }
  ],
  "initial_release_date": "2013-09-19T00:00:00",
  "last_revision_date": "2013-09-19T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-536",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5934 du 18 septembre 2013",
      "url": "http://support.apple.com/kb/HT5934"
    }
  ]
}

ghsa-jhhj-m43q-gw88

Vulnerability from github

Published

2022-05-17 04:59

Modified

2022-05-17 04:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-3950"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-06-05T14:39:00Z",
    "severity": "MODERATE"
  },
  "details": "Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable.",
  "id": "GHSA-jhhj-m43q-gw88",
  "modified": "2022-05-17T04:59:07Z",
  "published": "2022-05-17T04:59:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3950"
    },
    {
      "type": "WEB",
      "url": "http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5934"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1029054"
    },
    {
      "type": "WEB",
      "url": "http://www.syscan.org/index.php/sg/program/day/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2013-3950

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-3950

Aliases

CVE-2013-3950

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-3950",
    "description": "Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable.",
    "id": "GSD-2013-3950"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-3950"
      ],
      "details": "Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable.",
      "id": "GSD-2013-3950",
      "modified": "2023-12-13T01:22:22.458366Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-3950",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.syscan.org/index.php/sg/program/day/2",
            "refsource": "MISC",
            "url": "http://www.syscan.org/index.php/sg/program/day/2"
          },
          {
            "name": "1029054",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1029054"
          },
          {
            "name": "http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf",
            "refsource": "MISC",
            "url": "http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf"
          },
          {
            "name": "APPLE-SA-2013-10-22-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
          },
          {
            "name": "http://support.apple.com/kb/HT5934",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT5934"
          },
          {
            "name": "APPLE-SA-2013-09-18-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3950"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.syscan.org/index.php/sg/program/day/2",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.syscan.org/index.php/sg/program/day/2"
            },
            {
              "name": "http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf"
            },
            {
              "name": "http://support.apple.com/kb/HT5934",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT5934"
            },
            {
              "name": "APPLE-SA-2013-09-18-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
            },
            {
              "name": "1029054",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1029054"
            },
            {
              "name": "APPLE-SA-2013-10-22-3",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-10-31T03:34Z",
      "publishedDate": "2013-06-05T14:39Z"
    }
  }
}

fkie_cve-2013-3950

Vulnerability from fkie_nvd

Published

2013-06-05 14:39

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf	Exploit, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
cve@mitre.org	http://support.apple.com/kb/HT5934
cve@mitre.org	http://www.securitytracker.com/id/1029054
cve@mitre.org	http://www.syscan.org/index.php/sg/program/day/2
af854a3a-2127-422b-91ae-364da2661108	http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5934
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029054
af854a3a-2127-422b-91ae-364da2661108	http://www.syscan.org/index.php/sg/program/day/2

Impacted products

Vendor	Product	Version
apple	iphone_os	5.1
apple	iphone_os	5.1.1
apple	iphone_os	6.0
apple	iphone_os	6.0.1
apple	iphone_os	6.0.2
apple	iphone_os	6.1
apple	iphone_os	6.1.2
apple	iphone_os	6.1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E78F1F2C-2BFF-4D55-A754-102D6C42081B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A4AF71-8E71-432A-B908-361DAF99F4B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEE0068D-C699-4646-9658-610409925A79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C215DD-BC98-4283-BF13-69556EF7CB78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1C3966E-C136-47A9-B5B4-70613756ED27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22AD2A1F-A637-47DE-A69F-DAE4ABDFA4BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6D398B8-821B-4DE9-ADF1-4983051F964C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0CCE5F2-4D32-404B-BAAC-E64F11BD41FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n openSharedCacheFile en dyld.cpp en dyld en Apple iOS v5.1.x y v6.x hasta v6.1.3 hace m\u00e1s f\u00e1cil para los atacantes para llevar a cabo ataques untethering a trav\u00e9s de una cadena larga en la variable de entorno DYLD_SHARED_CACHE_DIR."
    }
  ],
  "id": "CVE-2013-3950",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-06-05T14:39:55.880",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT5934"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1029054"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.syscan.org/index.php/sg/program/day/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.syscan.org/index.php/sg/program/day/2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-3950 (GCVE-0-2013-3950)

Vulnerability from cvelistv5

var-201306-0308

Vulnerability from variot

CERTA-2013-AVI-541

Vulnerability from certfr_avis

Solution

CERTA-2013-AVI-601

Vulnerability from certfr_avis

Solution

CERTA-2013-AVI-536

Vulnerability from certfr_avis

Solution

ghsa-jhhj-m43q-gw88

Vulnerability from github

gsd-2013-3950

Vulnerability from gsd

fkie_cve-2013-3950

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature