CVE-2017-2520: Buffer Overflow
First published: Mon May 22 2017(Updated: )
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
Credit: product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPhone OS | <10.3.2 | |
| Apple Mac OS X | <10.12.5 | |
| Apple tvOS | <10.2.1 | |
| Apple watchOS | <3.2.2 | |
| Debian Debian Linux | =8.0 | |
| debian/sqlite3 | 3.34.1-3 3.34.1-3+deb11u1 3.40.1-2+deb12u1 3.46.1-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/HT207797
- https://support.apple.com/HT207798
- https://support.apple.com/HT207800
- https://support.apple.com/HT207801
- http://www.securityfocus.com/bid/98468
- http://www.securitytracker.com/id/1038484
- https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html
- https://usn.ubuntu.com/4019-1/
- https://launchpad.net/bugs/cve/CVE-2017-2520
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=384
- https://clusterfuzz-external.appspot.com/testcase?key=5694101458518016
- https://www.sqlite.org/src/info/2dc7eeb5b4d2eaf1
- https://security-tracker.debian.org/tracker/CVE-2017-2520
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2520
- https://nvd.nist.gov/vuln/detail/CVE-2017-2520
- https://ubuntu.com/security/CVE-2017-2520
Frequently Asked Questions
What is CVE-2017-2520?
CVE-2017-2520 is a vulnerability in certain Apple products, including iOS, macOS, tvOS, and watchOS, that allows remote attackers to execute arbitrary code or cause denial of service.
How does CVE-2017-2520 affect iOS?
CVE-2017-2520 affects iOS versions before 10.3.2 and can be used to execute arbitrary code or cause denial of service.
What versions of macOS are affected by CVE-2017-2520?
CVE-2017-2520 affects macOS versions before 10.12.5 and can be used to execute arbitrary code or cause denial of service.
How can I fix CVE-2017-2520 on my Apple device?
To fix CVE-2017-2520 on your Apple device, make sure you update to the latest available version of the affected operating system, such as iOS 10.3.2 or macOS 10.12.5.
Where can I find more information about CVE-2017-2520?
You can find more information about CVE-2017-2520 on the Apple support website at the following links: [link1](https://support.apple.com/HT207797), [link2](https://support.apple.com/HT207798), [link3](https://support.apple.com/HT207800).
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/type
- agent/severity
- agent/remedy
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- agent/trending
- vendor/apple
- canonical/apple iphone os
- canonical/apple mac os x
- canonical/apple tvos
- canonical/apple watchos
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- package-manager/debian