CVE-2010-3832

critical

Description

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/63421

http://www.vupen.com/english/advisories/2010/3046

http://www.securitytracker.com/id?1024770

http://support.apple.com/kb/HT4456

http://secunia.com/advisories/42314

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Details

Source: Mitre, NVD

Published: 2010-11-26

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical