Details of VAR-201704-0800

ID

VAR-201704-0800

CVE

CVE-2017-2477

TITLE

Apple macOS of libxslt Service disruption in components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-002434

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Attackers can exploit these issues to execute arbitrary code and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project

Trust: 1.98

sources: NVD: CVE-2017-2477 // JVNDB: JVNDB-2017-002434 // BID: 97303 // VULHUB: VHN-110680

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	security update yosemite	scope:	ne	version:	2017-0010	Trust: 0.3
vendor:	apple	model:	security update el capitan	scope:	ne	version:	2017-0010	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.4	Trust: 0.3

sources: BID: 97303 // JVNDB: JVNDB-2017-002434 // CNNVD: CNNVD-201704-108 // NVD: CVE-2017-2477

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2477
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-2477
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201704-108
value:	HIGH
Trust: 0.6
VULHUB:	VHN-110680
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-2477
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110680
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2477
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110680 // JVNDB: JVNDB-2017-002434 // CNNVD: CNNVD-201704-108 // NVD: CVE-2017-2477

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-110680 // JVNDB: JVNDB-2017-002434 // NVD: CVE-2017-2477

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-108

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201704-108

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002434

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT207615	url:	https://support.apple.com/en-us/HT207615	Trust: 0.8
title:	HT207615	url:	https://support.apple.com/ja-jp/HT207615	Trust: 0.8
title:	Apple macOS Sierra libxslt Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69001	Trust: 0.6

sources: JVNDB: JVNDB-2017-002434 // CNNVD: CNNVD-201704-108

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2477	Trust: 2.8
db:	BID	id:	97303	Trust: 1.4
db:	JVN	id:	JVNVU90482935	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-002434	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-108	Trust: 0.7
db:	VULHUB	id:	VHN-110680	Trust: 0.1

sources: VULHUB: VHN-110680 // BID: 97303 // JVNDB: JVNDB-2017-002434 // CNNVD: CNNVD-201704-108 // NVD: CVE-2017-2477

REFERENCES

url:	https://support.apple.com/ht207615	Trust: 1.7
url:	http://www.securityfocus.com/bid/97303	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2477	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90482935/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2477	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	https://support.apple.com/en-us/ht207615	Trust: 0.3

sources: VULHUB: VHN-110680 // BID: 97303 // JVNDB: JVNDB-2017-002434 // CNNVD: CNNVD-201704-108 // NVD: CVE-2017-2477

CREDITS

Apple

Trust: 0.3

sources: BID: 97303

SOURCES

db:	VULHUB	id:	VHN-110680
db:	BID	id:	97303
db:	JVNDB	id:	JVNDB-2017-002434
db:	CNNVD	id:	CNNVD-201704-108
db:	NVD	id:	CVE-2017-2477

LAST UPDATE DATE

2025-04-20T20:58:13.797000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110680	date:	2017-04-07T00:00:00
db:	BID	id:	97303	date:	2017-04-04T00:03:00
db:	JVNDB	id:	JVNDB-2017-002434	date:	2017-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201704-108	date:	2017-04-11T00:00:00
db:	NVD	id:	CVE-2017-2477	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110680	date:	2017-04-02T00:00:00
db:	BID	id:	97303	date:	2017-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-002434	date:	2017-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201704-108	date:	2017-04-11T00:00:00
db:	NVD	id:	CVE-2017-2477	date:	2017-04-02T01:59:03.623