NVD Vulnerability Detail

CVE-2017-6975

Summary	Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior.
Publication Date	April 5, 2017, 11:59 p.m.
Registration Date	Jan. 26, 2021, 1:28 p.m.
Last Update	Nov. 21, 2024, 12:30 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:apple:iphone_os::::::::			10.3

Related information, measures and tools

No	URL	タグ
1	http://seclists.org/fulldisclosure/2019/May/24
2	http://seclists.org/fulldisclosure/2019/May/24
3	http://www.securityfocus.com/bid/97328	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/97328	Third Party Advisory VDB Entry
5	http://www.securitytracker.com/id/1038172
6	http://www.securitytracker.com/id/1038172
7	https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html	Exploit Technical Description Third Party Advisory
8	https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html	Exploit Technical Description Third Party Advisory
9	https://seclists.org/bugtraq/2019/May/30
10	https://seclists.org/bugtraq/2019/May/30
11	https://support.apple.com/HT207688	Vendor Advisory
12	https://support.apple.com/HT207688	Vendor Advisory
13	https://support.apple.com/kb/HT210121
14	https://support.apple.com/kb/HT210121
15	https://twitter.com/4Dgifts/status/849268365457850370	Third Party Advisory
16	https://twitter.com/4Dgifts/status/849268365457850370	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

Apple iOS におけるバッファオーバーフローの脆弱性

Title	Apple iOS におけるバッファオーバーフローの脆弱性
Summary	Apple が提供する iOS には、スタックベースのバッファオーバーフローの脆弱性 (CWE-121) が存在します。
Possible impacts	当該機器の無線範囲内にいる第三者によって、Wi-Fi chip 上で任意のコードを実行される可能性があります。
Solution	[アップデートする] 本脆弱性は iOS 10.3.1 で修正されています。開発者が提供する情報をもとに、システムをアップデートしてください。
Publication Date	April 3, 2017, midnight
Registration Date	April 7, 2017, 10:22 a.m.
Last Update	April 12, 2017, 6:06 p.m.

Affected System

アップル

iOS 10.3.1 より前のバージョン

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-6975	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6975
National Vulnerability Database (NVD)
2	CVE-2017-6975	https://nvd.nist.gov/vuln/detail/CVE-2017-6975

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html
2	CWE-121	https://cwe.mitre.org/data/definitions/121.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT207688	https://support.apple.com/en-us/HT207688
Apple セキュリティアップデート
2	HT207688	https://support.apple.com/ja-jp/HT207688

その他

No	Name	URL
JVN
1	JVNVU#91033489	http://jvn.jp/vu/JVNVU91033489/

Change Log

No	Changed Details	Date of change
0	[2017年04月07日] 掲載 [2017年04月12日] CVSS による深刻度：内容を更新 CWE による脆弱性タイプ一覧：CWE-ID を追加	Feb. 17, 2018, 10:37 a.m.