cvelistv5 - cve-2010-3832

CVE-2010-3832 (GCVE-0-2010-3832)

Vulnerability from cvelistv5

Published

2010-11-26 19:00

Modified

2024-08-07 03:26

Severity ?

CWE

Summary

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/63421	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2010/3046	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1024770	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/42314	third-party-advisory, x_refsource_SECUNIA
	http://support.apple.com/kb/HT4456	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	vendor-advisory, x_refsource_APPLE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:26:11.513Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "appleios-tmsi-bo(63421)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63421"
          },
          {
            "name": "ADV-2010-3046",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3046"
          },
          {
            "name": "1024770",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024770"
          },
          {
            "name": "42314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42314"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4456"
          },
          {
            "name": "APPLE-SA-2010-11-22-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "appleios-tmsi-bo(63421)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63421"
        },
        {
          "name": "ADV-2010-3046",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3046"
        },
        {
          "name": "1024770",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024770"
        },
        {
          "name": "42314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42314"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4456"
        },
        {
          "name": "APPLE-SA-2010-11-22-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-3832",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "appleios-tmsi-bo(63421)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63421"
            },
            {
              "name": "ADV-2010-3046",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3046"
            },
            {
              "name": "1024770",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024770"
            },
            {
              "name": "42314",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42314"
            },
            {
              "name": "http://support.apple.com/kb/HT4456",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4456"
            },
            {
              "name": "APPLE-SA-2010-11-22-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2010-3832",
    "datePublished": "2010-11-26T19:00:00.000Z",
    "dateReserved": "2010-10-07T00:00:00.000Z",
    "dateUpdated": "2024-08-07T03:26:11.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-565

Vulnerability from certfr_avis

De multiples vulnérabilités affectent Apple iOS. Certaines permettent l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Apple iOS, notamment dans :

Configuration Profiles ;
CoreGraphics ;
FreeType ;
iAd Content Display ;
ImageIO ;
libxml ;
Mail ;
Networking ;
OfficeImport ;
Photos ;
Safari ;
Telephony ;
WebKit.

Parmi ces vulnérabilités, certaines permettent l'exécution de code arbitraire à distance, des dénis de service à distance ainsi que l'atteinte à la confidentialité des données sur les produits Apple embarquant le système d'exploitation iOS.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iOS versions 4.1 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4456 du 22 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cSPAN class=\"textit\"\u003eApple iOS\u003c/SPAN\u003e  versions 4.1 et ant\u00e9rieures.",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Apple iOS, notamment dans :\n\n-   Configuration Profiles ;\n-   CoreGraphics ;\n-   FreeType ;\n-   iAd Content Display ;\n-   ImageIO ;\n-   libxml ;\n-   Mail ;\n-   Networking ;\n-   OfficeImport ;\n-   Photos ;\n-   Safari ;\n-   Telephony ;\n-   WebKit.\n\nParmi ces vuln\u00e9rabilit\u00e9s, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, des d\u00e9nis de service \u00e0 distance ainsi que\nl\u0027atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es sur les produits Apple\nembarquant le syst\u00e8me d\u0027exploitation iOS.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1408"
    },
    {
      "name": "CVE-2010-1407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1407"
    },
    {
      "name": "CVE-2010-1784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1784"
    },
    {
      "name": "CVE-2010-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1791"
    },
    {
      "name": "CVE-2010-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1782"
    },
    {
      "name": "CVE-2010-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1387"
    },
    {
      "name": "CVE-2010-1822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1822"
    },
    {
      "name": "CVE-2010-3821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3821"
    },
    {
      "name": "CVE-2010-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3824"
    },
    {
      "name": "CVE-2010-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1418"
    },
    {
      "name": "CVE-2010-3832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3832"
    },
    {
      "name": "CVE-2010-3819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3819"
    },
    {
      "name": "CVE-2010-3804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3804"
    },
    {
      "name": "CVE-2010-1403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1403"
    },
    {
      "name": "CVE-2010-1770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1770"
    },
    {
      "name": "CVE-2010-3822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3822"
    },
    {
      "name": "CVE-2010-3259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3259"
    },
    {
      "name": "CVE-2010-1414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1414"
    },
    {
      "name": "CVE-2010-3813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3813"
    },
    {
      "name": "CVE-2010-1807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1807"
    },
    {
      "name": "CVE-2010-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3803"
    },
    {
      "name": "CVE-2010-3812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3812"
    },
    {
      "name": "CVE-2010-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3831"
    },
    {
      "name": "CVE-2009-1707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1707"
    },
    {
      "name": "CVE-2010-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
    },
    {
      "name": "CVE-2010-1771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1771"
    },
    {
      "name": "CVE-2010-3809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3809"
    },
    {
      "name": "CVE-2010-3820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3820"
    },
    {
      "name": "CVE-2010-1813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1813"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-3816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3816"
    },
    {
      "name": "CVE-2010-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1789"
    },
    {
      "name": "CVE-2010-1764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1764"
    },
    {
      "name": "CVE-2010-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1788"
    },
    {
      "name": "CVE-2010-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3826"
    },
    {
      "name": "CVE-2010-1410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1410"
    },
    {
      "name": "CVE-2010-3810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3810"
    },
    {
      "name": "CVE-2010-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
    },
    {
      "name": "CVE-2010-3830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3830"
    },
    {
      "name": "CVE-2010-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3786"
    },
    {
      "name": "CVE-2010-1793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1793"
    },
    {
      "name": "CVE-2010-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1786"
    },
    {
      "name": "CVE-2010-0544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0544"
    },
    {
      "name": "CVE-2010-3829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3829"
    },
    {
      "name": "CVE-2010-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1785"
    },
    {
      "name": "CVE-2010-1783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1783"
    },
    {
      "name": "CVE-2010-1416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1416"
    },
    {
      "name": "CVE-2010-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3817"
    },
    {
      "name": "CVE-2010-3814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3814"
    },
    {
      "name": "CVE-2010-3808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3808"
    },
    {
      "name": "CVE-2010-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1394"
    },
    {
      "name": "CVE-2010-3116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3116"
    },
    {
      "name": "CVE-2010-1405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1405"
    },
    {
      "name": "CVE-2010-3805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3805"
    },
    {
      "name": "CVE-2010-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0051"
    },
    {
      "name": "CVE-2010-1806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1806"
    },
    {
      "name": "CVE-2010-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1757"
    },
    {
      "name": "CVE-2010-1422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1422"
    },
    {
      "name": "CVE-2010-3828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3828"
    },
    {
      "name": "CVE-2010-3827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3827"
    },
    {
      "name": "CVE-2010-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1758"
    },
    {
      "name": "CVE-2010-1843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1843"
    },
    {
      "name": "CVE-2010-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2808"
    },
    {
      "name": "CVE-2010-1781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1781"
    },
    {
      "name": "CVE-2010-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2805"
    },
    {
      "name": "CVE-2010-3818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3818"
    },
    {
      "name": "CVE-2010-1415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1415"
    },
    {
      "name": "CVE-2010-3053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3053"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2010-3257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3257"
    },
    {
      "name": "CVE-2010-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3823"
    },
    {
      "name": "CVE-2010-3054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3054"
    },
    {
      "name": "CVE-2010-1421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1421"
    },
    {
      "name": "CVE-2010-1417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1417"
    },
    {
      "name": "CVE-2010-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2806"
    },
    {
      "name": "CVE-2010-3811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3811"
    },
    {
      "name": "CVE-2010-1812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1812"
    },
    {
      "name": "CVE-2010-1811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1811"
    },
    {
      "name": "CVE-2010-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1392"
    },
    {
      "name": "CVE-2010-1780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1780"
    },
    {
      "name": "CVE-2010-1814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1814"
    },
    {
      "name": "CVE-2010-1815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1815"
    },
    {
      "name": "CVE-2010-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1787"
    },
    {
      "name": "CVE-2010-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2807"
    },
    {
      "name": "CVE-2010-1384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1384"
    }
  ],
  "initial_release_date": "2010-11-24T00:00:00",
  "last_revision_date": "2010-11-24T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-565",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectent \u003cspan class=\"textit\"\u003eApple\niOS\u003c/span\u003e. Certaines permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4456 du 22 novembre 2010",
      "url": "http://support.apple.com/kb/HT4456"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-3832 (GCVE-0-2010-3832)

Vulnerability from cvelistv5

CERTA-2010-AVI-565

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature