CVE-2017-11122

Published: Oct 4, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.

Affected (3)

Products: Broadcom: Bcm4355c0 Firmware · Apple: Iphone Os, Tvos

1 product

2 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Broadcom Bcm4355c0 Firmware	Up to 9.44.78.27.0.1.56

Running on/with	Platform Versions
Broadcom Bcm4355c0	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 10.3.3
Apple Tvos	Up to 10.2.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://packetstormsecurity.com/files/144461/Broadcom-ICMPv6-Information-Leak.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://bugs.chromium.org/p/project-zero/issues/detail?id=1300

Source: cve@mitre.org

ExploitIssue TrackingThird Party AdvisoryVDB Entry

https://support.apple.com/HT208112

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/HT208113

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/en-us/HT208112

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/en-us/HT208113

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/144461/Broadcom-ICMPv6-Information-Leak.html