CVE-2017-7136
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file.
Known Affected Software
67 configuration(s) from 1 vendor(s)
xcode
Version:
6.1.1
CPE:
cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*
xcode
Version:
7.1
CPE:
cpe:2.3:a:apple:xcode:7.1:*:*:*:*:*:*:*
xcode
Version:
7.3
CPE:
cpe:2.3:a:apple:xcode:7.3:*:*:*:*:*:*:*
xcode
Version:
4.0
CPE:
cpe:2.3:a:apple:xcode:4.0:*:*:*:*:*:*:*
xcode
Version:
4.0.1
CPE:
cpe:2.3:a:apple:xcode:4.0.1:*:*:*:*:*:*:*
xcode
Version:
3.1.1
CPE:
cpe:2.3:a:apple:xcode:3.1.1:*:*:*:*:*:*:*
xcode
Version:
1.5.0
CPE:
cpe:2.3:a:apple:xcode:1.5.0:*:*:*:*:*:*:*
xcode
Version:
4.6
CPE:
cpe:2.3:a:apple:xcode:4.6:*:*:*:*:*:*:*
xcode
Version:
7.2
CPE:
cpe:2.3:a:apple:xcode:7.2:*:*:*:*:*:*:*
xcode
Version:
4.2
CPE:
cpe:2.3:a:apple:xcode:4.2:*:*:*:*:*:*:*
xcode
Version:
8.0
CPE:
cpe:2.3:a:apple:xcode:8.0:*:*:*:*:*:*:*
xcode
Version:
4.3.3
CPE:
cpe:2.3:a:apple:xcode:4.3.3:*:*:*:*:*:*:*
xcode
Version:
7.1.1
CPE:
cpe:2.3:a:apple:xcode:7.1.1:*:*:*:*:*:*:*
xcode
Version:
5.1
CPE:
cpe:2.3:a:apple:xcode:5.1:*:*:*:*:*:*:*
xcode
Version:
4.6.3
CPE:
cpe:2.3:a:apple:xcode:4.6.3:*:*:*:*:*:*:*
xcode
Version:
2.3.0
CPE:
cpe:2.3:a:apple:xcode:2.3.0:*:*:*:*:*:*:*
xcode
Version:
6.1
CPE:
cpe:2.3:a:apple:xcode:6.1:*:*:*:*:*:*:*
xcode
Version:
4.3.2
CPE:
cpe:2.3:a:apple:xcode:4.3.2:*:*:*:*:*:*:*
xcode
Version:
6.3.1
CPE:
cpe:2.3:a:apple:xcode:6.3.1:*:*:*:*:*:*:*
xcode
Version:
2.0.0
CPE:
cpe:2.3:a:apple:xcode:2.0.0:*:*:*:*:*:*:*
xcode
Version:
2.4.0
CPE:
cpe:2.3:a:apple:xcode:2.4.0:*:*:*:*:*:*:*
xcode
Version:
6.3
CPE:
cpe:2.3:a:apple:xcode:6.3:*:*:*:*:*:*:*
xcode
Version:
3.2.2
CPE:
cpe:2.3:a:apple:xcode:3.2.2:*:*:*:*:*:*:*
xcode
Version:
2.1.0
CPE:
cpe:2.3:a:apple:xcode:2.1.0:*:*:*:*:*:*:*
xcode
Version:
3.2.1
CPE:
cpe:2.3:a:apple:xcode:3.2.1:*:*:*:*:*:*:*
xcode
Version:
3.2.4
CPE:
cpe:2.3:a:apple:xcode:3.2.4:*:*:*:*:*:*:*
xcode
Version:
4.3.1
CPE:
cpe:2.3:a:apple:xcode:4.3.1:*:*:*:*:*:*:*
xcode
Version:
7.0
CPE:
cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*
xcode
Version:
7.3.1
CPE:
cpe:2.3:a:apple:xcode:7.3.1:*:*:*:*:*:*:*
xcode
Version:
8.3.1
CPE:
cpe:2.3:a:apple:xcode:8.3.1:*:*:*:*:*:*:*
xcode
Version:
3.2.3
CPE:
cpe:2.3:a:apple:xcode:3.2.3:*:*:*:*:*:*:*
xcode
Version:
5.0.1
CPE:
cpe:2.3:a:apple:xcode:5.0.1:*:*:*:*:*:*:*
xcode
Version:
5.0.2
CPE:
cpe:2.3:a:apple:xcode:5.0.2:*:*:*:*:*:*:*
xcode
Version:
3.1.3
CPE:
cpe:2.3:a:apple:xcode:3.1.3:*:*:*:*:*:*:*
xcode
Version:
7.0.1
CPE:
cpe:2.3:a:apple:xcode:7.0.1:*:*:*:*:*:*:*
xcode
Version:
6.0
CPE:
cpe:2.3:a:apple:xcode:6.0:*:*:*:*:*:*:*
xcode
Version:
5.1.1
CPE:
cpe:2.3:a:apple:xcode:5.1.1:*:*:*:*:*:*:*
xcode
Version:
4.6.2
CPE:
cpe:2.3:a:apple:xcode:4.6.2:*:*:*:*:*:*:*
xcode
Version:
4.6.1
CPE:
cpe:2.3:a:apple:xcode:4.6.1:*:*:*:*:*:*:*
xcode
Version:
8.2
CPE:
cpe:2.3:a:apple:xcode:8.2:*:*:*:*:*:*:*
xcode
Version:
6.3.2
CPE:
cpe:2.3:a:apple:xcode:6.3.2:*:*:*:*:*:*:*
xcode
Version:
3.1.2
CPE:
cpe:2.3:a:apple:xcode:3.1.2:*:*:*:*:*:*:*
xcode
Version:
4.2.1
CPE:
cpe:2.3:a:apple:xcode:4.2.1:*:*:*:*:*:*:*
xcode
Version:
4.4.1
CPE:
cpe:2.3:a:apple:xcode:4.4.1:*:*:*:*:*:*:*
xcode
Version:
4.3
CPE:
cpe:2.3:a:apple:xcode:4.3:*:*:*:*:*:*:*
xcode
Version:
4.5.2
CPE:
cpe:2.3:a:apple:xcode:4.5.2:*:*:*:*:*:*:*
xcode
Version:
4.5
CPE:
cpe:2.3:a:apple:xcode:4.5:*:*:*:*:*:*:*
xcode
Version:
3.1
CPE:
cpe:2.3:a:apple:xcode:3.1:*:*:*:*:*:*:*
xcode
Version:
4.1.1
CPE:
cpe:2.3:a:apple:xcode:4.1.1:*:*:*:*:*:*:*
xcode
Version:
6.2
CPE:
cpe:2.3:a:apple:xcode:6.2:beta_2:*:*:*:*:*:*
xcode
Version:
2.2.0
CPE:
cpe:2.3:a:apple:xcode:2.2.0:*:*:*:*:*:*:*
xcode
Version:
4.5.1
CPE:
cpe:2.3:a:apple:xcode:4.5.1:*:*:*:*:*:*:*
xcode
Version:
4.4
CPE:
cpe:2.3:a:apple:xcode:4.4:*:*:*:*:*:*:*
xcode
Version:
8.3.3
CPE:
cpe:2.3:a:apple:xcode:8.3.3:*:*:*:*:*:*:*
xcode
Version:
2.4.1
CPE:
cpe:2.3:a:apple:xcode:2.4.1:*:*:*:*:*:*:*
xcode
Version:
7.2.1
CPE:
cpe:2.3:a:apple:xcode:7.2.1:*:*:*:*:*:*:*
xcode
Version:
8.3
CPE:
cpe:2.3:a:apple:xcode:8.3:*:*:*:*:*:*:*
xcode
Version:
3.2.5
CPE:
cpe:2.3:a:apple:xcode:3.2.5:*:*:*:*:*:*:*
xcode
Version:
4.1
CPE:
cpe:2.3:a:apple:xcode:4.1:*:*:*:*:*:*:*
xcode
Version:
5.0
CPE:
cpe:2.3:a:apple:xcode:5.0:*:*:*:*:*:*:*
xcode
Version:
6.4
CPE:
cpe:2.3:a:apple:xcode:6.4:*:*:*:*:*:*:*
xcode
Version:
8.1
CPE:
cpe:2.3:a:apple:xcode:8.1:*:*:*:*:*:*:*
xcode
Version:
8.2.1
CPE:
cpe:2.3:a:apple:xcode:8.2.1:*:*:*:*:*:*:*
xcode
Version:
8.3.2
CPE:
cpe:2.3:a:apple:xcode:8.3.2:*:*:*:*:*:*:*
xcode
Version:
6.0.1
CPE:
cpe:2.3:a:apple:xcode:6.0.1:*:*:*:*:*:*:*
xcode
Version:
4.0.2
CPE:
cpe:2.3:a:apple:xcode:4.0.2:*:*:*:*:*:*:*
xcode
Version:
3.1.4
CPE:
cpe:2.3:a:apple:xcode:3.1.4:*:*:*:*:*:*:*
This vulnerability affects 67 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://www.securityfocus.com/bid/100894product-security@apple.com Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1039386product-security@apple.com Third Party Advisory VDB Entry
-
https://support.apple.com/HT208103product-security@apple.com Vendor Advisory
-
http://www.securityfocus.com/bid/100894af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1039386af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
https://support.apple.com/HT208103af854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-119
Top 25 #17
Improper Restriction of Operations within the Bounds of a Memory Buffer
- Description
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to…
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- October 23, 2017
