3.6

CVE-2013-0964

The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.

Data is provided by the National Vulnerability Database (NVD)
AppletvOS Version <= 5.1.1
AppletvOS Version1.0.0
AppletvOS Version1.1.0
AppletvOS Version2.0.0
AppletvOS Version2.0.1
AppletvOS Version2.0.2
AppletvOS Version2.1.0
AppletvOS Version2.2.0
AppletvOS Version2.3.0
AppletvOS Version2.3.1
AppletvOS Version2.4.0
AppletvOS Version3.0.0
AppletvOS Version3.0.1
AppletvOS Version3.0.2
AppletvOS Version4.1.0
AppletvOS Version4.1.1
AppletvOS Version4.2.0
AppletvOS Version4.2.1
AppletvOS Version4.2.2
AppletvOS Version4.3.0
AppletvOS Version4.4.0
AppletvOS Version4.4.2
AppletvOS Version4.4.3
AppletvOS Version4.4.4
AppletvOS Version5.0.0
AppletvOS Version5.0.1
AppletvOS Version5.0.2
AppletvOS Version5.1.0
AppleiPhone OS Version <= 6.0.2
AppleiPhone OS Version6.0
AppleiPhone OS Version6.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.165
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.