Sign-up

ID

VAR-201410-1071


CVE

CVE-2014-4436


TITLE

Apple OS X of IOHIDFamily Service disruption in (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-004876

DESCRIPTION

IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application. A remote attacker can leverage this issue to crash the affected application, denying service to legitimate users

Trust: 1.98

sources: NVD: CVE-2014-4436 // JVNDB: JVNDB-2014-004876 // BID: 70616 // VULHUB: VHN-72376

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.9.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.10

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.6

sources: JVNDB: JVNDB-2014-004876 // CNNVD: CNNVD-201410-614 // NVD: CVE-2014-4436

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4436
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-4436
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201410-614
value: MEDIUM

Trust: 0.6

VULHUB: VHN-72376
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-4436
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-72376
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-72376 // JVNDB: JVNDB-2014-004876 // CNNVD: CNNVD-201410-614 // NVD: CVE-2014-4436

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-72376 // JVNDB: JVNDB-2014-004876 // NVD: CVE-2014-4436

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-614

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201410-614

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004876

PATCH
title:HT6535url:https://support.apple.com/kb/HT6535
Trust: 0.8
title:HT6535url:http://support.apple.com/kb/HT6535?viewlocale=ja_JP
Trust: 0.8
title:OS X Yosemite 10.10 MAS 14A389( Official version of the full firmware )url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52113
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-004876 // 
            
            
            
            CNNVD: CNNVD-201410-614

EXTERNAL IDS
db:NVDid:CVE-2014-4436
Trust: 2.8
db:BIDid:70616
Trust: 1.4
db:SECTRACKid:1031063
Trust: 1.1
db:JVNid:JVNVU97537282
Trust: 0.8
db:JVNDBid:JVNDB-2014-004876
Trust: 0.8
db:CNNVDid:CNNVD-201410-614
Trust: 0.7
db:VULHUBid:VHN-72376
Trust: 0.1
sources:
            
            
            VULHUB: VHN-72376 // 
            
            
            
            BID: 70616 // 
            
            
            
            JVNDB: JVNDB-2014-004876 // 
            
            
            
            CNNVD: CNNVD-201410-614 // 
            
            
            
            NVD: CVE-2014-4436

REFERENCES
url:http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
Trust: 2.5
url:https://support.apple.com/kb/ht6535
Trust: 1.7
url:http://www.securityfocus.com/bid/70616
Trust: 1.1
url:http://www.securitytracker.com/id/1031063
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/97635
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4436
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97537282/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4436
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-72376 // 
            
            
            
            BID: 70616 // 
            
            
            
            JVNDB: JVNDB-2014-004876 // 
            
            
            
            CNNVD: CNNVD-201410-614 // 
            
            
            
            NVD: CVE-2014-4436

CREDITS
cunzhang from Adlab of Venustech
Trust: 0.3
sources:
            
            
            BID: 70616

SOURCES
db:VULHUBid:VHN-72376
db:BIDid:70616
db:JVNDBid:JVNDB-2014-004876
db:CNNVDid:CNNVD-201410-614
db:NVDid:CVE-2014-4436

LAST UPDATE DATE
2025-04-13T22:07:57.065000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-72376date:2017-08-29T00:00:00
db:BIDid:70616date:2014-10-16T00:00:00
db:JVNDBid:JVNDB-2014-004876date:2015-12-02T00:00:00
db:CNNVDid:CNNVD-201410-614date:2014-10-22T00:00:00
db:NVDid:CVE-2014-4436date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-72376date:2014-10-18T00:00:00
db:BIDid:70616date:2014-10-16T00:00:00
db:JVNDBid:JVNDB-2014-004876date:2014-10-22T00:00:00
db:CNNVDid:CNNVD-201410-614date:2014-10-22T00:00:00
db:NVDid:CVE-2014-4436date:2014-10-18T01:55:13.527