CVE-2017-2368

MEDIUM

iPhone OS < 10.2.1 - Denial of Service in Contacts Component via Crafted Contact Card

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-2368. PoCs published by vincedes3.

AI-analyzed exploit summary This repository contains a README file referencing CVE-2017-2368, a vulnerability affecting iOS versions greater than 10.2.1. The README provides a link to a website with more information about the vulnerability but does not include any exploit code or technical details.

Description

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "Contacts" component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card.

Exploits (1)

nomisec WRITEUP
by vincedes3 · poc
https://github.com/vincedes3/CVE-2017-2368

This repository contains a README file referencing CVE-2017-2368, a vulnerability affecting iOS versions greater than 10.2.1. The README provides a link to a website with more information about the vulnerability but does not include any exploit code or technical details.

Classification
Writeup 50%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: iOS > 10.2.1
No auth needed
Prerequisites: iOS device running a version greater than 10.2.1
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95722
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207482
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037668

Scores

CVSS v3 5.5
EPSS 0.0121
EPSS Percentile 64.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (1)
apple/iphone_os < 10.2.0
Published Feb 20, 2017
Tracked Since Feb 18, 2026