Vulnerability Name:

CVE-2017-7000 (CCN-126484)

Assigned:2017-05-30
Published:2017-05-30
Updated:2018-04-27
Summary:An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): 
Attack Complexity (AC): 
Privileges Required (PR): 
User Interaction (UI): 
Scope:Scope (S): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2017-7000

Source: BID
Type: Third Party Advisory, VDB Entry
98767

Source: CCN
Type: BID-98767
Apple Safari CVE-2017-7000 Type Confusion Remote Code Execution Vulnerability

Source: BID
Type: Third Party Advisory, VDB Entry
99950

Source: CCN
Type: BID-99950
Google Chrome Prior to 60.0.3112.78 Multiple Security Vulnerabilities

Source: REDHAT
Type: Third Party Advisory
RHSA-2017:1833

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update for Desktop

Source: XF
Type: UNKNOWN
apple-safari-cve20177000-code-exec(126484)

Source: GENTOO
Type: Third Party Advisory
GLSA-201709-15

Source: CCN
Type: Apple security document HT207798
About the security content of iOS 10.3.2

Source: CONFIRM
Type: Vendor Advisory
https://support.apple.com/HT207797

Source: CONFIRM
Type: Vendor Advisory
https://support.apple.com/HT207798

Source: DEBIAN
Type: Third Party Advisory
DSA-3926

Source: CCN
Type: ZDI-17-367
(Pwn2Own) Apple Safari WebSQL snippet Type Confusion Remote Code Execution Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 10.3.2)
  • OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version < 10.12.5)

    • Configuration 2:
  • cpe:/a:chromium:chromium:*:*:*:*:*:*:*:* (Version < 61.0.3163.79)
  • OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apple:safari:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2017-7000 (CCN-129419)

    Assigned:2017-07-25
    Published:2017-07-25
    Updated:2017-07-25
    Summary:Google Chrome could allow a remote attacker to obtain sensitive information, caused by a pointer disclosure in SQLite. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
    CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
    7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
    3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): 
    Attack Complexity (AC): 
    Privileges Required (PR): 
    User Interaction (UI): 
    Scope:Scope (S): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): Single_Instance
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availibility (A): None
    Vulnerability Consequences:Obtain Information
    References:Source: MITRE
    Type: CNA
    CVE-2017-7000

    Source: CCN
    Type: BID-98767
    Apple Safari CVE-2017-7000 Type Confusion Remote Code Execution Vulnerability

    Source: CCN
    Type: BID-99950
    Google Chrome Prior to 60.0.3112.78 Multiple Security Vulnerabilities

    Source: CCN
    Type: Google Chrome Releases Web site
    Stable Channel Update for Desktop

    Source: XF
    Type: UNKNOWN
    google-chrome-cve20177000-info-disc(129419)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:google:chrome:60.0.3112.76:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20177000
    V
    		CVE-2017-7000
    2022-06-30
    oval:org.opensuse.security:def:112066
    P
    		chromedriver-93.0.4577.82-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:105615
    P
    		chromedriver-93.0.4577.82-1.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:26354
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:25283
    P
    		Security update for SUSE Manager Client Tools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25658
    P
    		Security update for liblouis (Low)
    2020-12-01
    oval:org.opensuse.security:def:25018
    P
    		Security update for java-1_8_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:26389
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:25367
    P
    		Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25672
    P
    		Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:25145
    P
    		Security update for freeradius-server (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25517
    P
    		Security update for qemu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24943
    P
    		Security update for python (Important)
    2020-12-01
    oval:org.opensuse.security:def:25716
    P
    		Security update for librsvg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25226
    P
    		Security update for e2fsprogs (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25570
    P
    		Security update for mailman (Important)
    2020-12-01
    oval:org.opensuse.security:def:24954
    P
    		Security update for gstreamer-plugins-base (Important)
    2020-12-01
    oval:com.ubuntu.bionic:def:201770000000000
    V
    		CVE-2017-7000 on Ubuntu 18.04 LTS (bionic) - medium.
    2018-04-03
    oval:com.ubuntu.artful:def:20177000000
    V
    		CVE-2017-7000 on Ubuntu 17.10 (artful) - medium.
    2018-04-03
    oval:com.ubuntu.xenial:def:20177000000
    V
    		CVE-2017-7000 on Ubuntu 16.04 LTS (xenial) - medium.
    2018-04-03
    oval:com.ubuntu.xenial:def:201770000000000
    V
    		CVE-2017-7000 on Ubuntu 16.04 LTS (xenial) - medium.
    2018-04-03
    oval:com.ubuntu.bionic:def:20177000000
    V
    		CVE-2017-7000 on Ubuntu 18.04 LTS (bionic) - medium.
    2018-04-03
    oval:com.ubuntu.cosmic:def:20177000000
    V
    		CVE-2017-7000 on Ubuntu 18.10 (cosmic) - medium.
    2018-04-03
    oval:com.ubuntu.cosmic:def:201770000000000
    V
    		CVE-2017-7000 on Ubuntu 18.10 (cosmic) - medium.
    2018-04-03
    oval:com.ubuntu.trusty:def:20177000000
    V
    		CVE-2017-7000 on Ubuntu 14.04 LTS (trusty) - medium.
    2018-04-03
    BACK
    apple iphone os *
    apple mac os x *
    chromium chromium *
    debian debian linux 9.0
    redhat enterprise linux desktop 6.0
    redhat enterprise linux server 6.0
    redhat enterprise linux workstation 6.0
    apple safari *
    google chrome 60.0.3112.76