CVE-2017-2513

EUVD-2017-11696
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
appleiphone_os
𝑥
≤ 10.3.1
applemac_os_x
𝑥
≤ 10.12.4
appletvos
𝑥
≤ 10.2
applewatchos
𝑥
≤ 3.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sqlite3
bookworm
3.40.1-2
fixed
bullseye
3.34.1-3
fixed
bullseye (security)
3.34.1-3+deb11u1
fixed
jessie
not-affected
sid
3.46.1-1
fixed
trixie
3.46.1-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sqlite3
artful
not-affected
bionic
not-affected
trusty
not-affected
xenial
not-affected
zesty
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98468
http://www.securitytracker.com/id/1038484
https://support.apple.com/HT207797
https://support.apple.com/HT207798
https://support.apple.com/HT207800
https://support.apple.com/HT207801
http://www.securityfocus.com/bid/98468
http://www.securitytracker.com/id/1038484
https://support.apple.com/HT207797
https://support.apple.com/HT207798
https://support.apple.com/HT207800
https://support.apple.com/HT207801