CVE-2009-2795

high

Description

Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/53183

http://www.securityfocus.com/bid/36341

http://support.apple.com/kb/HT3860

http://secunia.com/advisories/36677

http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html

Details

Source: Mitre, NVD

Published: 2009-09-10

Updated: 2018-11-16

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High