Apple Xcode < 7.3.1 Multiple RCE (Mac OS X)

Critical Nessus Plugin ID 91262


An application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.


The version of Apple Xcode installed on the remote Mac OS X host is prior to 7.3.1. It is, therefore, affected by multiple remote code execution vulnerabilities in the bundled version of Git. The flaws are overflow conditions in the path_name() function in revision.c, triggered when pushing or cloning a repository that has a large filename or contains a large number of nested trees. A remote attacker can exploit these issues to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.


Upgrade to Apple Xcode version 7.3.1 or later.

Plugin Details

Severity: Critical

ID: 91262

File Name: macosx_xcode_7_3_1.nasl

Version: $Revision: 1.3 $

Type: local

Agent: macosx

Published: 2016/05/19

Modified: 2017/07/19

Dependencies: 61412

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:xcode

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/Apple Xcode

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/05/04

Vulnerability Publication Date: 2016/05/04

Reference Information

CVE: CVE-2016-2315, CVE-2016-2324

OSVDB: 135893, 135894

APPLE-SA: APPLE-SA-2016-05-03-1