Details of VAR-201309-0421

ID

VAR-201309-0421

CVE

CVE-2013-5141

TITLE

Apple iOS Service disruption in some kernels (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004572

DESCRIPTION

The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability.". Apple iOS for the iPhone, iPod touch, and iPad is prone to a denial-of-service vulnerability. Successfully exploiting this issue will allow attackers to cause denial-of-service conditions. Note: This issue was previously covered in BID 62491 (Apple iPhone/iPad/iPod touch Prior to iOS 7 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A Numeric Error vulnerability exists in the kernel in Apple iOS 6.1.4 and earlier. The vulnerability results from the program using incorrect data values for integer variables

Trust: 1.98

sources: NVD: CVE-2013-5141 // JVNDB: JVNDB-2013-004572 // BID: 62523 // VULHUB: VHN-65143

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.3	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.0.1	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.2	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	5.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	6.1.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	6.1.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	5.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	6.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	6.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	6.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.3.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	4.2.8	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.9	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	7 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	7 (iphone 4 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	7 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	6.1.4	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 62523 // JVNDB: JVNDB-2013-004572 // CNNVD: CNNVD-201309-331 // NVD: CVE-2013-5141

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5141
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5141
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201309-331
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65143
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5141
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2013-5141
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-65143
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65143 // JVNDB: JVNDB-2013-004572 // CNNVD: CNNVD-201309-331 // NVD: CVE-2013-5141

PROBLEMTYPE DATA

problemtype:

CWE-189

Trust: 1.9

sources: VULHUB: VHN-65143 // JVNDB: JVNDB-2013-004572 // NVD: CVE-2013-5141

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-331

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201309-331

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004572

PATCH

title:	APPLE-SA-2013-10-22-3	url:	http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html	Trust: 0.8
title:	APPLE-SA-2013-09-18-2	url:	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html	Trust: 0.8
title:	HT6011	url:	http://support.apple.com/kb/HT6011	Trust: 0.8
title:	HT5934	url:	http://support.apple.com/kb/HT5934	Trust: 0.8
title:	HT6011	url:	http://support.apple.com/kb/HT6011?viewlocale=ja_JP	Trust: 0.8
title:	HT5934	url:	http://support.apple.com/kb/HT5934?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2013-004572

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5141	Trust: 2.8
db:	SECTRACK	id:	1029054	Trust: 1.1
db:	JVN	id:	JVNVU98681940	Trust: 0.8
db:	JVN	id:	JVNVU95174988	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-004572	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-331	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2013-09-18-2	Trust: 0.6
db:	BID	id:	62523	Trust: 0.4
db:	VULHUB	id:	VHN-65143	Trust: 0.1

sources: VULHUB: VHN-65143 // BID: 62523 // JVNDB: JVNDB-2013-004572 // CNNVD: CNNVD-201309-331 // NVD: CVE-2013-5141

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5934	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2013/oct/msg00004.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1029054	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5141	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu98681940/index.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95174988/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5141	Trust: 0.8
url:	http://www.apple.com/iphone/softwareupdate/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-65143 // BID: 62523 // JVNDB: JVNDB-2013-004572 // CNNVD: CNNVD-201309-331 // NVD: CVE-2013-5141

CREDITS

CESG

Trust: 0.3

sources: BID: 62523

SOURCES

db:	VULHUB	id:	VHN-65143
db:	BID	id:	62523
db:	JVNDB	id:	JVNDB-2013-004572
db:	CNNVD	id:	CNNVD-201309-331
db:	NVD	id:	CVE-2013-5141

LAST UPDATE DATE

2025-04-11T21:47:34.626000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65143	date:	2013-10-31T00:00:00
db:	BID	id:	62523	date:	2013-10-24T00:50:00
db:	JVNDB	id:	JVNDB-2013-004572	date:	2013-11-08T00:00:00
db:	CNNVD	id:	CNNVD-201309-331	date:	2013-09-23T00:00:00
db:	NVD	id:	CVE-2013-5141	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65143	date:	2013-09-19T00:00:00
db:	BID	id:	62523	date:	2013-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-004572	date:	2013-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201309-331	date:	2013-09-23T00:00:00
db:	NVD	id:	CVE-2013-5141	date:	2013-09-19T10:28:00.837