CVE-2017-2518

high-risk
Published 2017-05-22

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.

Do I need to act?

!
23.3% chance of exploitation in next 30 days
EPSS score — higher than 77% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (5)

Affected Vendors

Debian Apple

References (18)

Third Party Advisory http://www.securityfocus.com/bid/98468
Third Party Advisory http://www.securitytracker.com/id/1038484
Third Party Advisory https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html
Vendor Advisory https://support.apple.com/HT207797
Vendor Advisory https://support.apple.com/HT207798
Vendor Advisory https://support.apple.com/HT207800
Vendor Advisory https://support.apple.com/HT207801
https://usn.ubuntu.com/4019-1/
https://usn.ubuntu.com/4019-2/
Third Party Advisory http://www.securityfocus.com/bid/98468
Third Party Advisory http://www.securitytracker.com/id/1038484
Third Party Advisory https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html
Vendor Advisory https://support.apple.com/HT207797
Vendor Advisory https://support.apple.com/HT207798
Vendor Advisory https://support.apple.com/HT207800
Vendor Advisory https://support.apple.com/HT207801
https://usn.ubuntu.com/4019-1/
https://usn.ubuntu.com/4019-2/
58
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 14/34 · Moderate
Exposure 12/34 · Low