CVE-2013-3955

iPhone OS 5.x-6.1.3 - Memory Corruption via Invalid AppleDouble File Header

Title source: llm
STIX 2.1

Description

The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem.

References (5)

Core 5
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5934
Various Sources x_refsource_misc
http://www.syscan.org/index.php/sg/program/day/2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029054
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html

Scores

EPSS 0.0042
EPSS Percentile 33.9%

Details

CWE
CWE-20
Status published
Products (13)
apple/ipad
apple/ipad2
apple/ipad_mini
apple/iphone_os 5.0
apple/iphone_os 5.0.1
apple/iphone_os 5.1
apple/iphone_os 5.1.1
apple/iphone_os 6.0
apple/iphone_os 6.0.1
apple/iphone_os 6.0.2
... and 3 more
Published Jun 05, 2013
Tracked Since Feb 18, 2026