CVE-2017-2518

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.

Published: May 22, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-2518
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
apple / mac_os_x	-	10.12.5
apple / iphone_os	-	10.3.2
apple / watchos	-	3.2.2
apple / tvos	-	10.2.1
debian / debian_linux	8.0	8.0.x

http://www.securityfocus.com/bid/98468
http://www.securitytracker.com/id/1038484
https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html
https://support.apple.com/HT207797
https://support.apple.com/HT207798
https://support.apple.com/HT207800
https://support.apple.com/HT207801
https://usn.ubuntu.com/4019-1/
https://usn.ubuntu.com/4019-2/

Vulnerability Database

291,049

CVE-2017-2518