CVE-2014-8611

MEDIUM

Description

The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.

References

http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

https://support.apple.com/HT205212

https://support.apple.com/HT205267

https://svnweb.freebsd.org/base?view=revision&revision=275665

https://www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc

Details

Source: MITRE

Published: 2015-09-18

Updated: 2016-04-06

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM