PT-2016-3545 · Apple+3 · Os X+3

Publicado

2016-07-22

Atualizado

2024-06-15

CVE-2014-9862

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.11.6

Description The issue is caused by an integer signedness error in the bspatch.c file of the bsdiff library, which is used in Apple OS X and other products. This error allows remote attackers to execute arbitrary code or cause a denial of service through a heap-based buffer overflow by providing a crafted patch file.

Recommendations For Apple OS X versions prior to 10.11.6, update to version 10.11.6 or later to resolve the issue.

Correção

RCE

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

CVE-2014-9862

DLA-2010-1

DLA-697-1

FREEBSD-SA-16_25

MGASA-2016-0288

MGASA-2022-0334

OPENSUSE-SU-2022_3094-1

OPENSUSE-SU-2022_3456-1

OPENSUSE-SU-2024:10045-1

OPENSUSE-SU-2024:12242-1

SUSE-SU-2022:3094-1

SUSE-SU-2022:3455-1

SUSE-SU-2022:3456-1

SUSE-SU-2022:3671-1

SUSE-SU-2022_3094-1

SUSE-SU-2022_3455-1

SUSE-SU-2022_3456-1

SUSE-SU-2022_3671-1

USN-4500-1

Produtos afetados

Os X

Freebsd

Suse

Ubuntu

PT-2016-3545 · Apple+3 · Os X+3

CVE-2014-9862

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 56