PT-2017-16701 · Libplist+2 · Libplist+2

Ghost

Published

2017-03-03

Updated

2018-01-03

CVE-2017-5836

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libplist (affected versions not specified)

Description The issue involves the plist free data function in plist.c within libplist, which allows attackers to cause a denial of service (crash) through specific vectors. These vectors involve an integer node that is incorrectly treated as a PLIST KEY, leading to an invalid free operation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALT-PU-2017-1551

AZL-36956

AZL-7269

CVE-2017-5836

MGASA-2018-0025

SUSE-SU-2017:1368-1

SUSE-SU-2017:1379-1

Affected Products

Alt Linux

Suse

Libplist

PT-2017-16701 · Libplist+2 · Libplist+2

CVE-2017-5836

Weakness Enumeration

Related Identifiers

Affected Products

References · 37