5.3
CVE-2016-5104
- EPSS 2.99%
- Veröffentlicht 13.06.2016 14:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libimobiledevice ≫ Libimobiledevice Version <= 1.2.0
Libimobiledevice ≫ Libusbmuxd Version <= 1.0.10
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version15.10
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.99% | 0.857 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00042.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00029.html
http://www.openwall.com/lists/oss-security/2016/05/26/1
http://www.openwall.com/lists/oss-security/2016/05/26/6
http://www.ubuntu.com/usn/USN-3026-1
http://www.ubuntu.com/usn/USN-3026-2
https://bugzilla.redhat.com/show_bug.cgi?id=1339988
https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196
https://lists.debian.org/debian-lts-announce/2020/02/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/02/msg00028.html