VAR-201804-1057

Vulnerability from variot - Updated: 2025-01-30 19:31

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows attackers to cause a denial of service (memory corruption on the Wi-Fi chip) by leveraging proximity for 802.11. in the United States. Apple iOS is an operating system developed for mobile devices. tvOS is a smart TV operating system. Wi-Fi is one of the wireless Internet access components. A security vulnerability exists in the Wi-Fi component in Apple iOS versions prior to 10.3.3 and tvOS versions prior to 10.2.2. Broadcom: Denial of service and OOB read in TCP KeepAlive Offloading

CVE-2017-7066

Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS.

In order to reduce overhead on the host, some Broadcom Wi-Fi chips support TCP ACK Offloading. When this feature is enabled, the firmware keeps a list of active TCP connections, including the 4-tuple, the SEQ/ACK numbers, etc.

Before performing the offloading operation, incoming TCP packets are verified to ensure they are valid. During this verification process, the incoming packets' checksums are calculated. For IPv4 packets, the IPv4 header checksum and TCP/IPv4 checksum are calculated and compared to the checksums in the incoming packet.

On the BCM4355C0 SoC with firmware version 9.44.78.27.0.1.56, the offloading verification is performed in RAM function 0x1800C8. Here is a snippet of the approximate high-level logic for this function:

int function_1800C8(void ctx, void packet) {

char* packet_data = *((char**)(packet + 8));
unsigned short packet_length = *((unsigned short*)(packet + 12));
char* packet_end = packet_data + packet_length;

//Getting the ethertype. If there's a SNAP header, get the ethertype from SNAP.

//Is this IPv4?
if (ethertype == 0x800) {

    unsigned ip_header_length = (ip_header[0] & 0xF) * 4; //IHL * 4
    char* tcp_header = ip_header + ip_header_length;

    if (tcp_header > packet_end)
        return 0;

    //Make sure this is TCP
    if (ip_header[9] != 6) //IPv4->Protocol == TCP
        return 0;

    //Making sure the IP total length is valid
    unsigned short ip_total_length = (ip_header[2] << 8) | ip_header[3];
    unsigned tcp_length = ip_total_length - ip_header_length;
    if (tcp_header + tcp_length > packet_end)
        return 0;

    //Verify IPv4 checksum
    unsigned short ipv4_checksum = *((unsigned short*)(ip_header+10));
    if (ipv4_checksum != do_ipv4_checksum(ip_header, ip_header_length))
        return 0;

    //Verify TCP/IPv4 checksum
    unsigned short tcp_checksum = *((unsigned short*)(tcp_header+16));
    if (tcp_checksum != do_tcp_ipv4_checksum(ip_header, tcp_header, tcp_length))
        return 0;

    ... 
}
...

}

unsigned short do_ipv4_checksum(char* ip, unsigned len) { ... return internal_calculate_ipv4_checksum(..., ip + 12, len - 12); }

unsigned short do_tcp_ipv4_checksum(char ip, char tcp, unsigned len) { ... return internal_calculate_tcp_ipv4_checksum(..., ip + 18, len - 18); }

As can be seen above, there are a few missing length verifications in the snippet above:

  1. The IHL field in the IPv4 header is not verified against in minimal allowed value (5). This means an attacker can provide an intentionally small value, such as zero. Doing so will cause the following accesses to be performed OOB (such as checking the IP header's protocol field, calculating the IPv4 checksum, etc).

  2. The IP total length field is also not verified. An attacker can choose the total length field such that ip_total_length == ip_header_length. By doing so, tcp_length will contain the value zero. However, as the unsigned value (tcp_length - 12) is used as the length field in the internal TCP/IPv4 checksum calculation, this will cause the internal checksum calculation loop (RAM function 0x16DBF6) to receive a very large length field - causing an data abort due to an illegal access which will therefore crash the firmware.

The bug can be addressed by validating that the IHL is not smaller than the minimal allowed value (5), and by ensuring that the IP total length field is large enough to contain the IPv4 and TCP headers.

This bug is subject to a 90 day disclosure deadline. After 90 days elapse or a patch has been made broadly available, the bug report will become visible to the public.

Found by: laginimaineb

Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1057",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.3.3   (ipad first  4 after generation )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.3.3   (iphone 5 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.3.3   (ipod touch first  6 generation )"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.2.2   (apple tv first  4 generation )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.0.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.3.2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-206"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7066"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:apple_tv",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013149"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Google Security Research, laginimaineb",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "144365"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2017-7066",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2017-7066",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-115269",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-7066",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7066",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7066",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201804-206",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115269",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-206"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7066"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the \"Wi-Fi\" component. It allows attackers to cause a denial of service (memory corruption on the Wi-Fi chip) by leveraging proximity for 802.11. in the United States. Apple iOS is an operating system developed for mobile devices. tvOS is a smart TV operating system. Wi-Fi is one of the wireless Internet access components. A security vulnerability exists in the Wi-Fi component in Apple iOS versions prior to 10.3.3 and tvOS versions prior to 10.2.2. Broadcom: Denial of service and OOB read in TCP KeepAlive Offloading \n\nCVE-2017-7066\n\n\nBroadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. \n\nIn order to reduce overhead on the host, some Broadcom Wi-Fi chips support TCP ACK Offloading. When this feature is enabled, the firmware keeps a list of active TCP connections, including the 4-tuple, the SEQ/ACK numbers, etc. \n\nBefore performing the offloading operation, incoming TCP packets are verified to ensure they are valid. During this verification process, the incoming packets\u0027 checksums are calculated. For IPv4 packets, the IPv4 header checksum and TCP/IPv4 checksum are calculated and compared to the checksums in the incoming packet. \n\nOn the BCM4355C0 SoC with firmware version 9.44.78.27.0.1.56, the offloading verification is performed in RAM function 0x1800C8. Here is a snippet of the approximate high-level logic for this function:\n\nint function_1800C8(void* ctx, void* packet) {\n\n    char* packet_data = *((char**)(packet + 8));\n    unsigned short packet_length = *((unsigned short*)(packet + 12));\n    char* packet_end = packet_data + packet_length;\n\n    //Getting the ethertype. If there\u0027s a SNAP header, get the ethertype from SNAP. \n\n    //Is this IPv4?\n    if (ethertype == 0x800) {\n\n        unsigned ip_header_length = (ip_header[0] \u0026 0xF) * 4; //IHL * 4\n        char* tcp_header = ip_header + ip_header_length;\n\n        if (tcp_header \u003e packet_end)\n            return 0;\n\n        //Make sure this is TCP\n        if (ip_header[9] != 6) //IPv4-\u003eProtocol == TCP\n            return 0;\n    \n        //Making sure the IP total length is valid\n        unsigned short ip_total_length = (ip_header[2] \u003c\u003c 8) | ip_header[3];\n        unsigned tcp_length = ip_total_length - ip_header_length;\n        if (tcp_header + tcp_length \u003e packet_end)\n            return 0;\n        \n        //Verify IPv4 checksum\n        unsigned short ipv4_checksum = *((unsigned short*)(ip_header+10));\n        if (ipv4_checksum != do_ipv4_checksum(ip_header, ip_header_length))\n            return 0;\n\n        //Verify TCP/IPv4 checksum\n        unsigned short tcp_checksum = *((unsigned short*)(tcp_header+16));\n        if (tcp_checksum != do_tcp_ipv4_checksum(ip_header, tcp_header, tcp_length))\n            return 0;\n    \n        ... \n    }\n    ... \n}\n\nunsigned short do_ipv4_checksum(char* ip, unsigned len) {\n    ... \n    return internal_calculate_ipv4_checksum(..., ip + 12, len - 12);\n}\n\nunsigned short do_tcp_ipv4_checksum(char* ip, char* tcp, unsigned len) {\n    ... \n    return internal_calculate_tcp_ipv4_checksum(..., ip + 18, len - 18);\n}\n\n\nAs can be seen above, there are a few missing length verifications in the snippet above:\n\n  1. The IHL field in the IPv4 header is not verified against in minimal allowed value (5). This means an attacker can provide an intentionally small value, such as zero. Doing so will cause the following accesses to be performed OOB (such as checking the IP header\u0027s protocol field, calculating the IPv4 checksum, etc). \n\n  2. The IP total length field is also not verified. An attacker can choose the total length field such that ip_total_length == ip_header_length. By doing so, tcp_length will contain the value zero. However, as the unsigned value (tcp_length - 12) is used as the length field in the internal TCP/IPv4 checksum calculation, this will cause the internal checksum calculation loop (RAM function 0x16DBF6) to receive a very large length field - causing an data abort due to an illegal access which will therefore crash the firmware. \n\nThe bug can be addressed by validating that the IHL is not smaller than the minimal allowed value (5), and by ensuring that the IP total length field is large enough to contain the IPv4 and TCP headers. \n\nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse\nor a patch has been made broadly available, the bug report will become\nvisible to the public. \n\n\n\n\nFound by: laginimaineb\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013149"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115269"
      },
      {
        "db": "PACKETSTORM",
        "id": "144365"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7066",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013149",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-206",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "144365",
        "trust": 0.2
      },
      {
        "db": "OTHER",
        "id": "NONE",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-96605",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-115269",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-115269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013149"
      },
      {
        "db": "PACKETSTORM",
        "id": "144365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-206"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7066"
      }
    ]
  },
  "id": "VAR-201804-1057",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-115269"
      }
    ],
    "trust": 0.02
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "home \u0026 office device",
          "embedded device"
        ],
        "sub_category": "chip",
        "trust": 0.1
      },
      {
        "category": [
          "home \u0026 office device",
          "embedded device"
        ],
        "sub_category": "TV",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      }
    ]
  },
  "last_update_date": "2025-01-30T19:31:24.001000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT207923",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT207923"
      },
      {
        "title": "HT207924",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT207924"
      },
      {
        "title": "HT207924",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT207924"
      },
      {
        "title": "HT207923",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT207923"
      },
      {
        "title": "Apple iOS  and tvOS Wi-Fi Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83058"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-206"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013149"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7066"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht207923"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht207924"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7066"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7066"
      },
      {
        "trust": 0.1,
        "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-115269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013149"
      },
      {
        "db": "PACKETSTORM",
        "id": "144365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-206"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7066"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-115269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013149"
      },
      {
        "db": "PACKETSTORM",
        "id": "144365"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-206"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7066"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115269"
      },
      {
        "date": "2018-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013149"
      },
      {
        "date": "2017-09-27T13:35:19",
        "db": "PACKETSTORM",
        "id": "144365"
      },
      {
        "date": "2018-04-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-206"
      },
      {
        "date": "2018-04-03T06:29:01.953000",
        "db": "NVD",
        "id": "CVE-2017-7066"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115269"
      },
      {
        "date": "2018-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013149"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-206"
      },
      {
        "date": "2024-11-21T03:31:06.307000",
        "db": "NVD",
        "id": "CVE-2017-7066"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-206"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS and  tvOS of  Wi-Fi Service disruption in components  (DoS) Vulnerability made into a state",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013149"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-206"
      }
    ],
    "trust": 0.6
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…