CVE-2015-5869

Published: Sep 18, 2015Modified: May 6, 2026

3.3

Vector

AV:A/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 6.5 / Impact: 2.9

Source: NVD

Description

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Affected (3)

Products: Apple: Mac Os X, Iphone Os, Watchos

3 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Up to 10.10.5

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 8.4.1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Apple Watchos	Version 1.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Source: product-security@apple.com

Vendor Advisory

http://openwall.com/lists/oss-security/2015/04/04/2

Source: product-security@apple.com

http://www.securityfocus.com/bid/76764

Source: product-security@apple.com

http://www.securitytracker.com/id/1033609

Source: product-security@apple.com

https://support.apple.com/HT205212

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT205213

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT205267

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html