CVE-2010-1752

Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Mailing List Vendor Advisory
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html	Mailing List Vendor Advisory
http://support.apple.com/kb/HT4225	Vendor Advisory
http://support.apple.com/kb/HT4435	Vendor Advisory
http://www.securityfocus.com/bid/41016	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/59631	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:apple:ipod_touch:-:::::::*
	cpe:2.3:o:apple:iphone_os:-:::::::*

History

No history.

Information

Published : 2010-06-22 20:30

Updated : 2024-02-28 11:41

NVD link : CVE-2010-1752

Mitre link : CVE-2010-1752

CVE.ORG link : CVE-2010-1752

JSON object : View

Products Affected

apple

ipod_touch
iphone_os

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2010-1752", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-06-22T20:30:01.557", "references": [{"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", "tags": ["Mailing List", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html", "tags": ["Mailing List", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4225", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4435", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://www.securityfocus.com/bid/41016", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59631", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en CFNetwork en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante vectores relacionados con el manejo de URL."}], "lastModified": "2022-08-09T13:46:59.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73DE6E60-6BDD-450C-B7E2-744A0183A2DD", "versionEndExcluding": "4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9"}, {"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@apple.com", "evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html \r\n\r\n'Installation note: These updates are only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone or iPod touch is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone or iPod touch. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone or iPod touch is docked to your computer. To check that the iPhone or iPod touch has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be \"4.0 (8A293)\" or later.'"}