ID

VAR-201509-0073


CVE

CVE-2015-5840


TITLE

Apple iOS of removefile of checkint division Routine service disruption (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004737

DESCRIPTION

The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 2.07

sources: NVD: CVE-2015-5840 // JVNDB: JVNDB-2015-004737 // BID: 76764 // VULHUB: VHN-83801 // VULMON: CVE-2015-5840

AFFECTED PRODUCTS

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 1.6

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:8.4.1

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch edition)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch sport)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004737 // CNNVD: CNNVD-201509-324 // NVD: CVE-2015-5840

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5840
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5840
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201509-324
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83801
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-5840
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5840
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83801
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83801 // VULMON: CVE-2015-5840 // JVNDB: JVNDB-2015-004737 // CNNVD: CNNVD-201509-324 // NVD: CVE-2015-5840

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-83801 // JVNDB: JVNDB-2015-004737 // NVD: CVE-2015-5840

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-324

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201509-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004737

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:APPLE-SA-2015-09-21-1 watchOS 2url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html

Trust: 0.8

title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Trust: 0.8

title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

Trust: 0.8

title:HT205267url:https://support.apple.com/en-us/HT205267

Trust: 0.8

title:HT205212url:https://support.apple.com/en-us/HT205212

Trust: 0.8

title:HT205213url:https://support.apple.com/en-us/HT205213

Trust: 0.8

title:HT205267url:http://support.apple.com/ja-jp/HT205267

Trust: 0.8

title:HT205212url:http://support.apple.com/ja-jp/HT205212

Trust: 0.8

title:HT205213url:http://support.apple.com/ja-jp/HT205213

Trust: 0.8

title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7

Trust: 0.1

sources: VULMON: CVE-2015-5840 // JVNDB: JVNDB-2015-004737

EXTERNAL IDS

db:NVDid:CVE-2015-5840

Trust: 2.9

db:BIDid:76764

Trust: 1.5

db:SECTRACKid:1033609

Trust: 1.2

db:JVNid:JVNVU97220341

Trust: 0.8

db:JVNid:JVNVU99970459

Trust: 0.8

db:JVNDBid:JVNDB-2015-004737

Trust: 0.8

db:CNNVDid:CNNVD-201509-324

Trust: 0.7

db:VULHUBid:VHN-83801

Trust: 0.1

db:VULMONid:CVE-2015-5840

Trust: 0.1

sources: VULHUB: VHN-83801 // VULMON: CVE-2015-5840 // BID: 76764 // JVNDB: JVNDB-2015-004737 // CNNVD: CNNVD-201509-324 // NVD: CVE-2015-5840

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html

Trust: 1.8

url:https://support.apple.com/ht205212

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00005.html

Trust: 1.2

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html

Trust: 1.2

url:http://www.securityfocus.com/bid/76764

Trust: 1.2

url:https://support.apple.com/ht205213

Trust: 1.2

url:https://support.apple.com/ht205267

Trust: 1.2

url:http://www.securitytracker.com/id/1033609

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5840

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99970459/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97220341/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5840

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/apple-osx-networkextension-cve-2015-5831

Trust: 0.1

url:https://support.apple.com/kb/ht205267

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307

Trust: 0.1

sources: VULHUB: VHN-83801 // VULMON: CVE-2015-5840 // BID: 76764 // JVNDB: JVNDB-2015-004737 // CNNVD: CNNVD-201509-324 // NVD: CVE-2015-5840

CREDITS

Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,

Trust: 0.3

sources: BID: 76764

SOURCES

db:VULHUBid:VHN-83801
db:VULMONid:CVE-2015-5840
db:BIDid:76764
db:JVNDBid:JVNDB-2015-004737
db:CNNVDid:CNNVD-201509-324
db:NVDid:CVE-2015-5840

LAST UPDATE DATE

2025-04-13T20:49:41.735000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-83801date:2016-12-22T00:00:00
db:VULMONid:CVE-2015-5840date:2016-12-22T00:00:00
db:BIDid:76764date:2015-11-03T19:44:00
db:JVNDBid:JVNDB-2015-004737date:2015-10-06T00:00:00
db:CNNVDid:CNNVD-201509-324date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5840date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:VULHUBid:VHN-83801date:2015-09-18T00:00:00
db:VULMONid:CVE-2015-5840date:2015-09-18T00:00:00
db:BIDid:76764date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004737date:2015-09-24T00:00:00
db:CNNVDid:CNNVD-201509-324date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5840date:2015-09-18T10:59:54.783