Published: 02/04/2017 Updated: 12/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An issue exists in certain Apple products. macOS prior to 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows malicious users to cause a denial of service (NULL pointer dereference) via a crafted app.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x

/* * IOFireWireFamily-null-derefc * Brandon Azad * * NULL pointer dereference in IOFireWireUserClient::setAsyncRef_IsochChannelForceStop * * Download: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44236zip */ #include <IOKit/IOKitLibh> int main() { int ret = 0; io_service_t service = IOServi ...

CVE-2017-2388: Null-pointer dereference in IOFireWireFamily.

IOFireWireFamily-null-deref IOFireWireFamily-null-deref is a proof-of-concept exploit for CVE-2017-2388, a NULL pointer derefererence in IOFireWireUserClient that was fixed in macOS Sierra 10124 This vulnerability can be triggered to cause denial of service on devices with a FireWire port CVE-2017-2388 The function IOFireWireUserClient::setAsyncRef_IsochChannelForceStop did

CWE-476 https://support.apple.com/HT207615 http://www.securityfocus.com/bid/97140 http://www.securitytracker.com/id/1038138 https://nvd.nist.gov https://github.com/bazad/IOFireWireFamily-null-deref https://www.exploit-db.com/exploits/44236/

CVE-2017-2388

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect