CVE-2015-3798

Apple iOS <8.4.1 & OS X <10.10.5 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3798. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit targets an integer overflow in the OS X regex engine (tre_tnfa_run_parallel) leading to a negative total_bytes value, causing a heap-based buffer overflow via memset. The PoC constructs a malicious regex with excessive nesting and captures to trigger the vulnerability.

Description

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdososx

https://www.exploit-db.com/exploits/38262

View Code ZIP pw:eip

The exploit targets an integer overflow in the OS X regex engine (tre_tnfa_run_parallel) leading to a negative total_bytes value, causing a heap-based buffer overflow via memset. The PoC constructs a malicious regex with excessive nesting and captures to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: OS X regex engine (libsystem_c.dylib)

No auth needed

Prerequisites: Target system running OS X with vulnerable regex engine

MITRE ATT&CK