Details of VAR-201705-3987

ID

VAR-201705-3987

CVE

CVE-2017-6983

TITLE

Apple iOS and OS X of SQLite Service disruption in components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-003808

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of WebSQL. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS and macOS are prone to multiple security vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; macOS Sierra is a dedicated operating system developed for Mac computers. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D.Richard Hipp

Trust: 2.7

sources: NVD: CVE-2017-6983 // JVNDB: JVNDB-2017-003808 // ZDI: ZDI-17-366 // BID: 98472 // VULHUB: VHN-115186 // VULMON: CVE-2017-6983

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.4	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	10.3.2 (ipad first 4 generation or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3.2 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3.2 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 0.7
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3.1	Trust: 0.6
vendor:	apple	model:	macos	scope:	eq	version:	10.12.4	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.3	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.2	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.3.2	Trust: 0.3

sources: ZDI: ZDI-17-366 // BID: 98472 // JVNDB: JVNDB-2017-003808 // CNNVD: CNNVD-201705-968 // NVD: CVE-2017-6983

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6983
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6983
value:	HIGH
Trust: 0.8
ZDI:	CVE-2017-6983
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201705-968
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-115186
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-6983
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6983
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.6
VULHUB:	VHN-115186
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6983
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-17-366 // VULHUB: VHN-115186 // VULMON: CVE-2017-6983 // JVNDB: JVNDB-2017-003808 // CNNVD: CNNVD-201705-968 // NVD: CVE-2017-6983

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-115186 // JVNDB: JVNDB-2017-003808 // NVD: CVE-2017-6983

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-968

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201705-968

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003808

PATCH

title:	HT207798	url:	https://support.apple.com/en-us/HT207798	Trust: 1.5
title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT207797	url:	https://support.apple.com/en-us/HT207797	Trust: 0.8
title:	HT207797	url:	https://support.apple.com/ja-jp/HT207797	Trust: 0.8
title:	HT207798	url:	https://support.apple.com/ja-jp/HT207798	Trust: 0.8
title:	Apple iOS and macOS Sierra SQLite Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70444	Trust: 0.6
title:	Apple: macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a85d2562c7bfeef27c008c1b42b57ce3	Trust: 0.1
title:	Apple: iOS 10.3.2	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=02bdc4f27af21fbb8c501e6519ce979a	Trust: 0.1
title:	Android Security Bulletins: Android Security Bulletin—September 2017	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=45d9f825c1db6d21aee6f02c00c607a0	Trust: 0.1

sources: ZDI: ZDI-17-366 // VULMON: CVE-2017-6983 // JVNDB: JVNDB-2017-003808 // CNNVD: CNNVD-201705-968

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6983	Trust: 3.6
db:	SECTRACK	id:	1038484	Trust: 1.2
db:	JVN	id:	JVNVU98089541	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-003808	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-4591	Trust: 0.7
db:	ZDI	id:	ZDI-17-366	Trust: 0.7
db:	CNNVD	id:	CNNVD-201705-968	Trust: 0.7
db:	BID	id:	98472	Trust: 0.4
db:	VULHUB	id:	VHN-115186	Trust: 0.1
db:	VULMON	id:	CVE-2017-6983	Trust: 0.1

sources: ZDI: ZDI-17-366 // VULHUB: VHN-115186 // VULMON: CVE-2017-6983 // BID: 98472 // JVNDB: JVNDB-2017-003808 // CNNVD: CNNVD-201705-968 // NVD: CVE-2017-6983

REFERENCES

url:	https://support.apple.com/ht207797	Trust: 1.8
url:	https://support.apple.com/ht207798	Trust: 1.8
url:	https://source.android.com/security/bulletin/2017-09-01	Trust: 1.2
url:	http://www.securitytracker.com/id/1038484	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6983	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98089541/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6983	Trust: 0.8
url:	https://support.apple.com/en-us/ht207798	Trust: 0.7
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/98472	Trust: 0.1
url:	https://support.apple.com/kb/ht207797	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=53836	Trust: 0.1

sources: ZDI: ZDI-17-366 // VULHUB: VHN-115186 // VULMON: CVE-2017-6983 // BID: 98472 // JVNDB: JVNDB-2017-003808 // CNNVD: CNNVD-201705-968 // NVD: CVE-2017-6983

CREDITS

Chaitin Security Research Lab

Trust: 0.7

sources: ZDI: ZDI-17-366

SOURCES

db:	ZDI	id:	ZDI-17-366
db:	VULHUB	id:	VHN-115186
db:	VULMON	id:	CVE-2017-6983
db:	BID	id:	98472
db:	JVNDB	id:	JVNDB-2017-003808
db:	CNNVD	id:	CNNVD-201705-968
db:	NVD	id:	CVE-2017-6983

LAST UPDATE DATE

2025-04-20T21:33:48.227000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-17-366	date:	2017-05-30T00:00:00
db:	VULHUB	id:	VHN-115186	date:	2017-09-09T00:00:00
db:	VULMON	id:	CVE-2017-6983	date:	2017-09-09T00:00:00
db:	BID	id:	98472	date:	2017-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-003808	date:	2017-06-08T00:00:00
db:	CNNVD	id:	CNNVD-201705-968	date:	2017-05-24T00:00:00
db:	NVD	id:	CVE-2017-6983	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-17-366	date:	2017-05-30T00:00:00
db:	VULHUB	id:	VHN-115186	date:	2017-05-22T00:00:00
db:	VULMON	id:	CVE-2017-6983	date:	2017-05-22T00:00:00
db:	BID	id:	98472	date:	2017-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-003808	date:	2017-06-08T00:00:00
db:	CNNVD	id:	CNNVD-201705-968	date:	2017-05-24T00:00:00
db:	NVD	id:	CVE-2017-6983	date:	2017-05-22T05:29:02.863