Описание
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.
Ссылки
- Mailing ListVendor Advisory
- https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998Issue Tracking
- Issue Tracking
- Issue Tracking
- Vendor Advisory
- Mailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.11.5 (включая)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06839
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-190
Связанные уязвимости
CVSS3: 7.8
ubuntu
больше 9 лет назад
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.
CVSS3: 7.8
debian
больше 9 лет назад
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in ...
EPSS
Процентиль: 91%
0.06839
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-190