CVE-2011-2391

The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.

CVSS v2.0 6.1 MEDIUM

6.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html	Vendor Advisory
http://support.apple.com/kb/HT5934	Vendor Advisory
http://secunia.com/advisories/54886
http://osvdb.org/97438
http://www.securitytracker.com/id/1029054
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html	Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
https://support.apple.com/kb/HT6535	Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html	Vendor Advisory
http://support.apple.com/HT204244	Vendor Advisory
http://support.apple.com/kb/HT6442
http://support.apple.com/kb/HT6441
https://exchange.xforce.ibmcloud.com/vulnerabilities/87222

Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
	cpe:2.3:o:apple:iphone_os:2.2:::::::*
	cpe:2.3:o:apple:iphone_os:2.2.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
	cpe:2.3:o:apple:iphone_os:2.0:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
	cpe:2.3:o:apple:iphone_os:3.0:::::::*
	cpe:2.3:o:apple:iphone_os:3.2:::::::*
	cpe:2.3:o:apple:iphone_os:3.1.3:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:6.1.3:::::::*
	cpe:2.3:o:apple:iphone_os:5.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.2.8:::::::*
	cpe:2.3:o:apple:iphone_os:6.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:3.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.2.5:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:2.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.2.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.3:::::::*
	cpe:2.3:o:apple:iphone_os:5.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.0:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.0:::::::*
	cpe:2.3:o:apple:iphone_os:3.2.1:::::::*
	cpe:2.3:o:apple:iphone_os:3.2.2:::::::*
	cpe:2.3:o:apple:iphone_os:6.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:6.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:4.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:4.1:::::::*
	cpe:2.3:o:apple:iphone_os:3.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.1:::::::*
	cpe:2.3:o:apple:iphone_os:3.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
	cpe:2.3:o:apple:iphone_os:6.0:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.5:::::::*
	cpe:2.3:o:apple:iphone_os:6.1:::::::*
	cpe:2.3:o:apple:iphone_os:5.0:::::::*
	cpe:2.3:o:apple:iphone_os:5.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.1:::::::*

Information

Published : 2013-09-19 03:27

Updated : 2017-08-28 18:29

NVD link : CVE-2011-2391

Mitre link : CVE-2011-2391

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

apple

mac_os_x
itunes
iphone_os

6.1 /10