CVE-2015-7987

Published: Jun 26, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.

Affected (8)

Products: Apple: Iphone Os, Mac Os X, Watchos, Airport Base Station Firmware, Mdnsresponder

5 products

Airport Base Station Firmware

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	From 9.0 to 9.1
Apple Mac Os X	From 10.10.0 to 10.10.5
Apple Mac Os X	From 10.11.0 to 10.11.1
Apple Mac Os X	From 10.9 to 10.9.5
Apple Watchos	Before 2.1

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apple Airport Base Station Firmware	From 7.6 to 7.6.7
Apple Airport Base Station Firmware	From 7.7 to 7.7.7

Running on/with	Platform Versions
Apple Airport Base Station	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mdnsresponder	Before 625.41.2

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (10)

http://www.kb.cert.org/vuls/id/143335

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: cret@cert.org

Third Party Advisory

http://www.securityfocus.com/bid/91323

Source: cret@cert.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036181

Source: cret@cert.org

Third Party AdvisoryVDB Entry

https://support.apple.com/HT206846

Source: cret@cert.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/143335

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/91323

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036181

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.apple.com/HT206846

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.