CVEブラウザに戻る

CVE-2017-2519

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0050%

EPSS Percentile16.01th

Published2017年5月22日

Last Modified2026年5月13日

Vulnerability Description

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.

Affected Platforms (CPE)

💻

Apple

Iphone Os

< 10.3.2

💻

Apple

Mac Os X

< 10.12.5

💻

Apple

Tvos

< 10.2.1

💻

Apple

Watchos

< 3.2.2

💻

Debian

Debian Linux

= 8.0

References & Advisories

🔗 http://www.securityfocus.com/bid/98468

🔗 http://www.securitytracker.com/id/1038484

🔗 https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html

🔗 https://support.apple.com/HT207797

🔗 https://support.apple.com/HT207798

🔗 https://support.apple.com/HT207800

🔗 https://support.apple.com/HT207801

🔗 https://usn.ubuntu.com/4019-1/

関連する脆弱性情報

CVE-2009-220410.0

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitr...

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...

CVE-2008-421110.0

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iP...

CVE-2010-111910.0

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on ...