Vulnerabilites related to apple - iphone_3gs
Vulnerability from fkie_nvd
Published
2019-11-22 18:15
Modified
2024-11-21 04:51
Severity ?
6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://github.com/axi0mX/alloc8 | Exploit, Third Party Advisory | |
| cret@cert.org | https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/axi0mX/alloc8 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_3gs | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone_3gs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F47AA5E-7909-4F36-9B69-4977B4BB35F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de bootrom malloc del Apple iPhone 3GS devuelve un puntero no NULL cuando no puede asignar la memoria, tambi\u00e9n se conoce como \"alloc8\". Un atacante con acceso f\u00edsico al dispositivo puede instalar un firmware arbitrario."
}
],
"id": "CVE-2019-9536",
"lastModified": "2024-11-21T04:51:48.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-22T18:15:11.170",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/axi0mX/alloc8"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/axi0mX/alloc8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-9536 (GCVE-0-2019-9536)
Vulnerability from cvelistv5
Published
2019-11-22 17:41
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- insecure malloc implementation
Summary
Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/axi0mX/alloc8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iPhone",
"vendor": "Apple",
"versions": [
{
"status": "affected",
"version": "3GS"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "axi0mX"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware."
}
],
"exploits": [
{
"lang": "en",
"value": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "insecure malloc implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-22T17:41:08",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axi0mX/alloc8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "alloc8",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iPhone",
"version": {
"version_data": [
{
"version_value": "3GS"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "axi0mX"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka \u0027alloc8\u0027. An attacker with physical access to the device can install arbitrary firmware."
}
]
},
"exploit": [
{
"lang": "en",
"value": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insecure malloc implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py",
"refsource": "MISC",
"url": "https://github.com/axi0mX/ipwndfu/blob/master/alloc8.py"
},
{
"name": "https://github.com/axi0mX/alloc8",
"refsource": "MISC",
"url": "https://github.com/axi0mX/alloc8"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9536",
"datePublished": "2019-11-22T17:41:08",
"dateReserved": "2019-03-01T00:00:00",
"dateUpdated": "2024-08-04T21:54:44.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}