Vulnerability Details : CVE-2015-7987
Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.
Vulnerability category: Overflow
Products affected by CVE-2015-7987
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:mdnsresponder:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:airport_base_station_firmware:*:*:*:*:*:*:*:* (when used together with: Apple » Airport Base Station)
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7987
- 1.15%: probability of exploitation activity in the next 30 days
- ~83%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2015-7987
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2015-7987
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7987
- http://www.securitytracker.com/id/1036181
  Apple macOS mDNSResponder Bugs Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
  Oracle Solaris Bulletin - July 2016 (Third Party Advisory)
- http://www.securityfocus.com/bid/91323
  mDNSResponder CVE-2015-7987 Multiple Buffer Overflow Vulnerabilities (Third Party Advisory; VDB Entry)
- https://support.apple.com/HT206846
  Security update for mDNSResponder - Apple Support (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/143335
  VU#143335 - mDNSResponder contains multiple memory-based vulnerabilities (Third Party Advisory; US Government Resource)