CVE-2010-3832

EPSS 4.27%
Veröffentlicht 26.11.2010 20:00:03
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle product-security@apple.com
CVE-Watchlists
Login
Unerledigt
Login

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ iPhone OS Version <= 4.1

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version1.0.0

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version1.0.1

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version1.0.2

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version1.1.0

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version1.1.1

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version1.1.2

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version1.1.3

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version1.1.4

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version1.1.5

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version2.0

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version2.0.0

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version2.0.1

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version2.0.2

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version2.1

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version2.1.1

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version2.2

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version2.2.1

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version3.0

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version3.0.1

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version3.1

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version3.1.2

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version3.1.3

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version3.2

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version3.2.1

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version3.2.2

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version4.0

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version4.0.1

Apple ≫ Ipad
Apple ≫ iPhone OS

Apple ≫ iPhone OS Version4.0.2

Apple ≫ Ipad
Apple ≫ iPhone OS

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.27%	0.884

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Vendor Advisory

http://secunia.com/advisories/42314

http://support.apple.com/kb/HT4456

Patch

Vendor Advisory

http://www.vupen.com/english/advisories/2010/3046

http://www.securitytracker.com/id?1024770

https://exchange.xforce.ibmcloud.com/vulnerabilities/63421

https://nvd.nist.gov/vuln/detail/CVE-2010-3832

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-3832

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-3832

EUVD