5
CVE-2015-1105
- EPSS 9.11%
- Veröffentlicht 10.04.2015 14:59:20
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.11% | 0.947 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
https://support.apple.com/HT204659
https://support.apple.com/kb/HT204870
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html
https://support.apple.com/HT204661
https://support.apple.com/HT204662
http://www.securitytracker.com/id/1032048