10
CVE-2008-1030
- EPSS 4.74%
- Veröffentlicht 02.06.2008 21:30:00
- Zuletzt bearbeitet 16.06.2026 22:50:50
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apple ≫ macOS X Server Version10.4.11
Apple ≫ macOS X Server Version10.5
Apple ≫ macOS X Server Version10.5.1
Apple ≫ macOS X Server Version10.5.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.74% | 0.907 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://secunia.com/advisories/30430
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.vupen.com/english/advisories/2008/1697
http://www.securityfocus.com/bid/29412
http://securitytracker.com/id?1020135
http://www.securityfocus.com/bid/29491
https://exchange.xforce.ibmcloud.com/vulnerabilities/42709