Sign-up

ID

VAR-201904-0685


CVE

CVE-2017-7151


TITLE

plural Apple Product race condition vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-014420

DESCRIPTION

A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4. plural Apple The product contains a race condition vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A race condition vulnerability exists in the CoreFoundation component of several Apple products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 1.71

sources: NVD: CVE-2017-7151 // JVNDB: JVNDB-2017-014420 // VULHUB: VHN-115354

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:gteversion:10.13.3

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:11.2

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.13.2

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:4.2

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:11.2

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.7.2

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.13.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.1

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.3

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.2 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.7.2 (windows 7 or later )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.2 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.2 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014420 // NVD: CVE-2017-7151

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7151
value: HIGH

Trust: 1.0

NVD: CVE-2017-7151
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201703-923
value: HIGH

Trust: 0.6

VULHUB: VHN-115354
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7151
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115354
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7151
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115354 // JVNDB: JVNDB-2017-014420 // CNNVD: CNNVD-201703-923 // NVD: CVE-2017-7151

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-115354 // JVNDB: JVNDB-2017-014420 // NVD: CVE-2017-7151

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201703-923

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201703-923

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014420

PATCH
title:HT208331url:https://support.apple.com/en-us/HT208331
Trust: 0.8
title:HT208334url:https://support.apple.com/en-us/HT208334
Trust: 0.8
title:HT208692url:https://support.apple.com/en-us/HT208692
Trust: 0.8
title:HT208325url:https://support.apple.com/en-us/HT208325
Trust: 0.8
title:HT208326url:https://support.apple.com/en-us/HT208326
Trust: 0.8
title:HT208327url:https://support.apple.com/en-us/HT208327
Trust: 0.8
title:HT208692url:https://support.apple.com/ja-jp/HT208692
Trust: 0.8
title:HT208325url:https://support.apple.com/ja-jp/HT208325
Trust: 0.8
title:HT208326url:https://support.apple.com/ja-jp/HT208326
Trust: 0.8
title:HT208327url:https://support.apple.com/ja-jp/HT208327
Trust: 0.8
title:HT208331url:https://support.apple.com/ja-jp/HT208331
Trust: 0.8
title:HT208334url:https://support.apple.com/ja-jp/HT208334
Trust: 0.8
title:Apple tvOS Repair measures for the competition condition problem loopholeurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91081
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-014420 // 
            
            
            
            CNNVD: CNNVD-201703-923

EXTERNAL IDS
db:NVDid:CVE-2017-7151
Trust: 2.5
db:JVNid:JVNVU92378299
Trust: 0.8
db:JVNid:JVNVU98418454
Trust: 0.8
db:JVNDBid:JVNDB-2017-014420
Trust: 0.8
db:CNNVDid:CNNVD-201703-923
Trust: 0.7
db:VULHUBid:VHN-115354
Trust: 0.1
sources:
            
            
            VULHUB: VHN-115354 // 
            
            
            
            JVNDB: JVNDB-2017-014420 // 
            
            
            
            CNNVD: CNNVD-201703-923 // 
            
            
            
            NVD: CVE-2017-7151

REFERENCES
url:https://support.apple.com/kb/ht208325
Trust: 1.7
url:https://support.apple.com/kb/ht208326
Trust: 1.7
url:https://support.apple.com/kb/ht208327
Trust: 1.7
url:https://support.apple.com/kb/ht208331
Trust: 1.7
url:https://support.apple.com/kb/ht208334
Trust: 1.7
url:https://support.apple.com/kb/ht208692
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2017-7151
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7151
Trust: 0.8
url:http://jvn.jp/vu/jvnvu92378299/index.html
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98418454/index.html
Trust: 0.8
sources:
            
            
            VULHUB: VHN-115354 // 
            
            
            
            JVNDB: JVNDB-2017-014420 // 
            
            
            
            CNNVD: CNNVD-201703-923 // 
            
            
            
            NVD: CVE-2017-7151

SOURCES
db:VULHUBid:VHN-115354
db:JVNDBid:JVNDB-2017-014420
db:CNNVDid:CNNVD-201703-923
db:NVDid:CVE-2017-7151

LAST UPDATE DATE
2024-11-23T21:19:13.376000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-115354date:2019-04-05T00:00:00
db:JVNDBid:JVNDB-2017-014420date:2019-05-13T00:00:00
db:CNNVDid:CNNVD-201703-923date:2019-04-08T00:00:00
db:NVDid:CVE-2017-7151date:2024-11-21T03:31:16.550

SOURCES RELEASE DATE
db:VULHUBid:VHN-115354date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2017-014420date:2019-05-13T00:00:00
db:CNNVDid:CNNVD-201703-923date:2017-03-22T00:00:00
db:NVDid:CVE-2017-7151date:2019-04-03T18:29:00.503