Vulnerabilities > CVE-2017-6438 - Out-of-bounds Write vulnerability in Libplist Project Libplist 1.12

047910
CVSS 7.3 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
libplist-project
CWE-787
nessus
NVD
Published: 2017-03-15
Updated: 2024-11-21

Summary

Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code execution via a crafted plist file.

Vulnerable Configurations

Part Description Count
Application
Libplist_Project
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2201-1.NASL
    descriptionThis update for libplist fixes the following issues: Security issues fixed : - CVE-2017-6439: Heap-based buffer overflow in the parse_string_node function. (bsc#1029638) - CVE-2017-6438: Heap-based buffer overflow in the parse_unicode_node function. (bsc#1029706) - CVE-2017-6437: The base64encode function in base64.c allows local users to cause denial of service (out-of-bounds read) via a crafted plist file. (bsc#1029707) - CVE-2017-6436: Integer overflow in parse_string_node. (bsc#1029751) - CVE-2017-6435: Crafted plist file could lead to Heap-buffer overflow. (bsc#1029639) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id102578
    published2017-08-18
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102578
    titleSUSE SLED12 / SLES12 Security Update : libplist (SUSE-SU-2017:2201-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-D8173AACFF.NASL
    description - Update to upstream 2.0.0 - Fixes the following CVEs plus others - CVE-2017-6440 CVE-2017-6439 CVE-2017-6438 CVE-2017-6437 CVE-2017-6436 CVE-2017-6435 CVE-2017-5836 CVE-2017-5835 CVE-2017-5834 CVE-2017-5545 CVE-2017-5209 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-17
    plugin id101732
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101732
    titleFedora 26 : libplist (2017-d8173aacff)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-3849AF4477.NASL
    descriptionVersion 2.0.0 Changes : - New light-weight custom XML parser - Remove libxml2 dependency - Refactor binary plist parsing - Improved malformed XML and binary plist detection and error handling - Add parser debug/error output (when compiled with --enable-debug), controlled via environment variables - Fix unicode character handling - Add PLIST_IS_* helper macros for the different node types - Extend date/time range and date conversion issues - Add plist_is_binary() and plist_from_memory() functions to the interface - Plug several memory leaks - Speed improvements for handling large plist files Includes security fixes for : - CVE-2017-6440 - CVE-2017-6439 - CVE-2017-6438 - CVE-2017-6437 - CVE-2017-6436 - CVE-2017-6435 - CVE-2017-5836 - CVE-2017-5835 - CVE-2017-5834 - CVE-2017-5545 - CVE-2017-5209 ... and several others that didn
    last seen2020-06-05
    modified2017-05-16
    plugin id100187
    published2017-05-16
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100187
    titleFedora 24 : libplist (2017-3849af4477)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-953.NASL
    descriptionThis update for libplist fixes the following issues : Security issues fixed : - CVE-2017-6439: Heap-based buffer overflow in the parse_string_node function. (bsc#1029638) - CVE-2017-6438: Heap-based buffer overflow in the parse_unicode_node function. (bsc#1029706) - CVE-2017-6437: The base64encode function in base64.c allows local users to cause denial of service (out-of-bounds read) via a crafted plist file. (bsc#1029707) - CVE-2017-6436: Integer overflow in parse_string_node. (bsc#1029751) - CVE-2017-6435: Crafted plist file could lead to Heap-buffer overflow. (bsc#1029639) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2017-08-18
    plugin id102568
    published2017-08-18
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/102568
    titleopenSUSE Security Update : libplist (openSUSE-2017-953)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-320-01.NASL
    descriptionNew libplist packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104641
    published2017-11-17
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/104641
    titleSlackware 14.2 / current : libplist (SSA:2017-320-01)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-4047180CD3.NASL
    descriptionVersion 2.0.0 Changes : - New light-weight custom XML parser - Remove libxml2 dependency - Refactor binary plist parsing - Improved malformed XML and binary plist detection and error handling - Add parser debug/error output (when compiled with --enable-debug), controlled via environment variables - Fix unicode character handling - Add PLIST_IS_* helper macros for the different node types - Extend date/time range and date conversion issues - Add plist_is_binary() and plist_from_memory() functions to the interface - Plug several memory leaks - Speed improvements for handling large plist files Includes security fixes for : - CVE-2017-6440 - CVE-2017-6439 - CVE-2017-6438 - CVE-2017-6437 - CVE-2017-6436 - CVE-2017-6435 - CVE-2017-5836 - CVE-2017-5835 - CVE-2017-5834 - CVE-2017-5545 - CVE-2017-5209 ... and several others that didn
    last seen2020-06-05
    modified2017-05-16
    plugin id100188
    published2017-05-16
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100188
    titleFedora 25 : libplist (2017-4047180cd3)

References