Vulnerability-Lookup

CVE-2019-9536 (GCVE-0-2019-9536)

Vulnerability from cvelistv5 – Published: 2019-11-22 17:41 – Updated: 2024-08-04 21:54

Summary

Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

insecure malloc implementation

Assigner

certcc

References

URL

Tags

	https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py	x_refsource_MISC
	https://github.com/axi0mX/alloc8	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apple	iPhone	Affected: 3GS

Credits

axi0mX

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:54:44.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/axi0mX/alloc8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iPhone",
          "vendor": "Apple",
          "versions": [
            {
              "status": "affected",
              "version": "3GS"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "axi0mX"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "insecure malloc implementation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-22T17:41:08.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axi0mX/alloc8"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "alloc8",
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2019-9536",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iPhone",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3GS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "axi0mX"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "insecure malloc implementation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py",
              "refsource": "MISC",
              "url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
            },
            {
              "name": "https://github.com/axi0mX/alloc8",
              "refsource": "MISC",
              "url": "https://github.com/axi0mX/alloc8"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2019-9536",
    "datePublished": "2019-11-22T17:41:08.000Z",
    "dateReserved": "2019-03-01T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:54:44.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-9536",
      "date": "2026-05-07",
      "epss": "0.00166",
      "percentile": "0.37337"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:apple:iphone_3gs:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F47AA5E-7909-4F36-9B69-4977B4BB35F8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware.\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n de bootrom malloc del Apple iPhone 3GS devuelve un puntero no NULL cuando no puede asignar la memoria, tambi\\u00e9n se conoce como \\\"alloc8\\\". Un atacante con acceso f\\u00edsico al dispositivo puede instalar un firmware arbitrario.\"}]",
      "id": "CVE-2019-9536",
      "lastModified": "2024-11-21T04:51:48.550",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cret@cert.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-11-22T18:15:11.170",
      "references": "[{\"url\": \"https://github.com/axi0mX/alloc8\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/axi0mX/alloc8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-755\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-9536\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2019-11-22T18:15:11.170\",\"lastModified\":\"2024-11-21T04:51:48.550\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de bootrom malloc del Apple iPhone 3GS devuelve un puntero no NULL cuando no puede asignar la memoria, tambi\u00e9n se conoce como \\\"alloc8\\\". Un atacante con acceso f\u00edsico al dispositivo puede instalar un firmware arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:apple:iphone_3gs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F47AA5E-7909-4F36-9B69-4977B4BB35F8\"}]}]}],\"references\":[{\"url\":\"https://github.com/axi0mX/alloc8\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/axi0mX/alloc8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

GSD-2019-9536

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.

Aliases

CVE-2019-9536

Aliases

CVE-2019-9536

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-9536",
    "description": "Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware.",
    "id": "GSD-2019-9536"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-9536"
      ],
      "details": "Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware.",
      "id": "GSD-2019-9536",
      "modified": "2023-12-13T01:23:47.201092Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "AKA": "alloc8",
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2019-9536",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iPhone",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "3GS"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "axi0mX"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
        }
      ],
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "insecure malloc implementation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py",
            "refsource": "MISC",
            "url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
          },
          {
            "name": "https://github.com/axi0mX/alloc8",
            "refsource": "MISC",
            "url": "https://github.com/axi0mX/alloc8"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:apple:iphone_3gs:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2019-9536"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-755"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
            },
            {
              "name": "https://github.com/axi0mX/alloc8",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/axi0mX/alloc8"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2019-11-22T18:15Z"
    }
  }
}

FKIE_CVE-2019-9536

Vulnerability from fkie_nvd - Published: 2019-11-22 18:15 - Updated: 2024-11-21 04:51

Severity ?

6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.

References

URL	Tags
cret@cert.org	https://github.com/axi0mX/alloc8	Exploit, Third Party Advisory
cret@cert.org	https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/axi0mX/alloc8	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py	Third Party Advisory

Impacted products

	Vendor	Product	Version
	apple	iphone_3gs	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:apple:iphone_3gs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F47AA5E-7909-4F36-9B69-4977B4BB35F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de bootrom malloc del Apple iPhone 3GS devuelve un puntero no NULL cuando no puede asignar la memoria, tambi\u00e9n se conoce como \"alloc8\". Un atacante con acceso f\u00edsico al dispositivo puede instalar un firmware arbitrario."
    }
  ],
  "id": "CVE-2019-9536",
  "lastModified": "2024-11-21T04:51:48.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.2,
        "source": "cret@cert.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-22T18:15:11.170",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/axi0mX/alloc8"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/axi0mX/alloc8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-44542

Vulnerability from cnvd - Published: 2019-12-09

Title

Apple iPhone 3GS非空指针漏洞

Description

Apple iPhone 3GS是美国苹果（Apple）公司的一款智能手机。 Apple iPhone 3GS（old bootrom和new bootrom）中存在安全漏洞。攻击者可利用该漏洞安装任意固件。

Severity

中

Patch Name

Apple iPhone 3GS非空指针漏洞的补丁

Patch Description

Apple iPhone 3GS是美国苹果（Apple）公司的一款智能手机。 Apple iPhone 3GS（old bootrom和new bootrom）中存在安全漏洞。攻击者可利用该漏洞安装任意固件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.apple.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-9536

Impacted products

Name
Apple iPhone 3GS

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-9536"
    }
  },
  "description": "Apple iPhone 3GS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\n\nApple iPhone 3GS\uff08old bootrom\u548cnew bootrom\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b89\u88c5\u4efb\u610f\u56fa\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.apple.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-44542",
  "openTime": "2019-12-09",
  "patchDescription": "Apple iPhone 3GS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u624b\u673a\u3002\r\n\r\nApple iPhone 3GS\uff08old bootrom\u548cnew bootrom\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b89\u88c5\u4efb\u610f\u56fa\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iPhone 3GS\u975e\u7a7a\u6307\u9488\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple iPhone 3GS"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-9536",
  "serverity": "\u4e2d",
  "submitTime": "2019-11-25",
  "title": "Apple iPhone 3GS\u975e\u7a7a\u6307\u9488\u6f0f\u6d1e"
}

GHSA-C9M5-G5W9-9JFX

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01

Details

Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-9536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-22T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware.",
  "id": "GHSA-c9m5-g5w9-9jfx",
  "modified": "2022-05-24T17:01:50Z",
  "published": "2022-05-24T17:01:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9536"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axi0mX/alloc8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201911-0418

Vulnerability from variot - Updated: 2023-12-18 13:28

Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware. Apple iPhone 3GS Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple iPhone 3GS is a smart phone from Apple Inc. of the United States.

There are security holes in Apple iPhone 3GS (old bootrom and new bootrom)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0418",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone 3gs",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "iphone 3gs",
        "scope": null,
        "trust": 1.4,
        "vendor": "apple",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-44542"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012583"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1309"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:apple:iphone_3gs:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9536"
      }
    ]
  },
  "cve": "CVE-2019-9536",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-9536",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CNVD-2019-44542",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-160971",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "cret@cert.org",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-9536",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-9536",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "cret@cert.org",
            "id": "CVE-2019-9536",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-44542",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201911-1309",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-160971",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-44542"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160971"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012583"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9536"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1309"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware. Apple iPhone 3GS Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple iPhone 3GS is a smart phone from Apple Inc. of the United States. \n\nThere are security holes in Apple iPhone 3GS (old bootrom and new bootrom)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9536"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012583"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-44542"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160971"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-9536",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012583",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1309",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-44542",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-160971",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-44542"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160971"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012583"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1309"
      }
    ]
  },
  "id": "VAR-201911-0418",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-44542"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160971"
      }
    ],
    "trust": 1.325
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-44542"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:28:21.673000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.apple.com/"
      },
      {
        "title": "Patch for Apple iPhone 3GS Non-Null Pointer Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/193435"
      },
      {
        "title": "Apple iPhone 3GS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103446"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-44542"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012583"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1309"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-755",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-269",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-160971"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012583"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9536"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://github.com/axi0mx/alloc8"
      },
      {
        "trust": 2.5,
        "url": "https://github.com/axi0mx/ipwndfu/blob/master/alloc8.py"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9536"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9536"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-44542"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160971"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012583"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1309"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-44542"
      },
      {
        "db": "VULHUB",
        "id": "VHN-160971"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012583"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1309"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-44542"
      },
      {
        "date": "2019-11-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160971"
      },
      {
        "date": "2019-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012583"
      },
      {
        "date": "2019-11-22T18:15:11.170000",
        "db": "NVD",
        "id": "CVE-2019-9536"
      },
      {
        "date": "2019-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1309"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-44542"
      },
      {
        "date": "2019-12-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-160971"
      },
      {
        "date": "2019-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012583"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2019-9536"
      },
      {
        "date": "2019-12-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1309"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iPhone 3GS Vulnerability in Permission Management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012583"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1309"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-9536 (GCVE-0-2019-9536)

GSD-2019-9536

FKIE_CVE-2019-9536

CNVD-2019-44542

GHSA-C9M5-G5W9-9JFX

VAR-201911-0418

Tags

Sightings

Nomenclature