Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2017-5836

Published: 03/03/2017 Updated: 07/03/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Libimobiledevice

Vulnerability Summary

The plist_free_data function in plist.c in libplist allows malicious users to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.

Vulnerable Product Search on Vulmon Subscribe to Product

libimobiledevice libplist

Vendor Advisories

Debian CVElist Bug Report Logs: libplist: CVE-2017-5545
Debian Bug report logs - #852385 libplist: CVE-2017-5545 Package: src:libplist; Maintainer for src:libplist is gtkpod Maintainers <pkg-gtkpod-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 24 Jan 2017 05:48:02 UTC Severity: grave Tags: fixed-upstream, patch, security, ...
Debian CVElist Bug Report Logs: libplist: CVE-2017-5209
Debian Bug report logs - #851196 libplist: CVE-2017-5209 Package: src:libplist; Maintainer for src:libplist is gtkpod Maintainers <pkg-gtkpod-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 12 Jan 2017 21:15:01 UTC Severity: grave Tags: fixed-upstream, patch, security, ...
Debian CVElist Bug Report Logs: CVE-2017-5834 CVE-2017-5835 CVE-2017-5836
Debian Bug report logs - #854000 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 Package: src:libplist; Maintainer for src:libplist is gtkpod Maintainers <pkg-gtkpod-devel@alioth-listsdebiannet>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 2 Feb 2017 22:21:02 UTC Severity: grave Tags: security, upstream ...
Red Hat: CVE-2017-5836
The plist_free_data function in plistc in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free ...
Arch Linux Issues:
The plist_free_data function in plistc in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free ...

References

CWE-415https://github.com/libimobiledevice/libplist/issues/86http://www.openwall.com/lists/oss-security/2017/02/02/4http://www.openwall.com/lists/oss-security/2017/01/31/6http://www.securityfocus.com/bid/96022https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852385
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook