CVE-2013-3955
iPhone OS 5.x-6.1.3 - Memory Corruption via Invalid AppleDouble File Header
Title source: llmDescription
The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5934
Various Sources x_refsource_misc
http://www.syscan.org/index.php/sg/program/day/2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029054
Exploit x_refsource_misc
http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
Scores
EPSS
0.0042
EPSS Percentile
33.9%
Details
CWE
CWE-20
Status
published
Products (13)
apple/ipad
apple/ipad2
apple/ipad_mini
apple/iphone_os
5.0
apple/iphone_os
5.0.1
apple/iphone_os
5.1
apple/iphone_os
5.1.1
apple/iphone_os
6.0
apple/iphone_os
6.0.1
apple/iphone_os
6.0.2
... and 3 more
Published
Jun 05, 2013
Tracked Since
Feb 18, 2026