CVE-2017-7129: SQL Injection
First published: Tue Sep 19 2017(Updated: )
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Credit: found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz found by OSS-Fuzz product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPhone OS | <=10.3.3 | |
| Apple Mac OS X | <=10.12.6 | |
| Apple tvOS | <=10.2.2 | |
| Apple watchOS | <=3.2.3 | |
| Apple iOS | <11 | 11 |
| Apple tvOS | <11 | 11 |
| Apple watchOS | <4 | 4 |
| Apple macOS High Sierra | <10.13 | 10.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT208112 (Advisory)
- https://support.apple.com/en-us/HT208113 (Advisory)
- https://support.apple.com/en-us/HT208115 (Advisory)
- https://support.apple.com/en-us/HT208144 (Advisory)
- http://www.securityfocus.com/bid/100987
- http://www.securitytracker.com/id/1039427
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-13832
- CVE-2017-13863
- CVE-2017-7131
- CVE-2017-13829
- CVE-2017-13833
- CVE-2017-7083
- CVE-2017-13821
- CVE-2017-0381
- CVE-2017-13825
- CVE-2017-7088
- CVE-2017-13815
- CVE-2017-13828
- CVE-2017-11103
- CVE-2017-13830
- CVE-2017-7072
- CVE-2017-13814
- CVE-2017-13831
- CVE-2017-7114
- CVE-2017-13817
- CVE-2017-13818
- CVE-2017-13836
- CVE-2017-13841
- CVE-2017-13840
- CVE-2017-13842
- CVE-2017-13843
- CVE-2017-13854
- CVE-2017-13834
- CVE-2017-13873
- CVE-2017-7140
- CVE-2017-13813
- CVE-2017-13816
- CVE-2017-13812
- CVE-2017-7086
- CVE-2017-1000373
- CVE-2016-9063
- CVE-2017-9233
- CVE-2017-7376
- CVE-2017-5130
- CVE-2017-9050
- CVE-2017-9049
- CVE-2018-4302
- CVE-2017-7148
- CVE-2017-7078
- CVE-2017-7097
- CVE-2017-7118
- CVE-2017-7133
- CVE-2017-7075
- CVE-2017-7139
- CVE-2017-13806
- CVE-2017-13822
- CVE-2017-7132
- CVE-2017-7085
- CVE-2017-13877
- CVE-2017-7080
- CVE-2017-7146
- CVE-2017-10989
- CVE-2017-7128
- CVE-2017-7129
- CVE-2017-7130
- CVE-2017-7127
- CVE-2017-6211
- CVE-2017-7145
- CVE-2017-7081
- CVE-2017-7087
- CVE-2017-7091
- CVE-2017-7092
- CVE-2017-7093
- CVE-2017-7094
- CVE-2017-7095
- CVE-2017-7096
- CVE-2017-7098
- CVE-2017-7099
- CVE-2017-7100
- CVE-2017-7102
- CVE-2017-7104
- CVE-2017-7107
- CVE-2017-7111
- CVE-2017-7117
- CVE-2017-7120
- CVE-2017-7089
- CVE-2017-7090
- CVE-2017-7106
- CVE-2017-7109
- CVE-2017-7144
- CVE-2017-7142
- CVE-2017-11120
- CVE-2017-11121
- CVE-2017-7103
- CVE-2017-7105
- CVE-2017-7108
- CVE-2017-7110
- CVE-2017-7112
- CVE-2017-7115
- CVE-2017-7116
- CVE-2017-11122
- CVE-2016-9840
- CVE-2016-9841
- CVE-2016-9842
- CVE-2016-9843
- CVE-2017-13782
- CVE-2016-0736
- CVE-2016-2161
- CVE-2016-5387
- CVE-2016-8740
- CVE-2016-8743
- CVE-2017-13909
- CVE-2017-13809
- CVE-2017-7084
- CVE-2017-7074
- CVE-2017-13820
- CVE-2017-13807
- CVE-2017-7143
- CVE-2017-13890
- CVE-2017-13851
- CVE-2017-7138
- CVE-2017-7121
- CVE-2017-7122
- CVE-2017-7123
- CVE-2017-7124
- CVE-2017-7125
- CVE-2017-7126
- CVE-2017-13811
- CVE-2017-13835
- CVE-2017-13819
- CVE-2017-13837
- CVE-2017-13906
- CVE-2017-7077
- CVE-2017-7119
- CVE-2017-13810
- CVE-2017-13827
- CVE-2016-4736
- CVE-2017-7141
- CVE-2017-6451
- CVE-2017-6452
- CVE-2017-6455
- CVE-2017-6458
- CVE-2017-6459
- CVE-2017-6460
- CVE-2017-6462
- CVE-2017-6463
- CVE-2017-6464
- CVE-2016-9042
- CVE-2017-13824
- CVE-2017-13846
- CVE-2017-10140
- CVE-2017-13823
- CVE-2017-13808
- CVE-2017-13838
- CVE-2017-7082
- CVE-2017-13908
- CVE-2017-13839
- CVE-2017-13910
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2017-7129.
Which versions of iOS are affected by this vulnerability?
iOS versions before 11 are affected.
Which versions of macOS are affected by this vulnerability?
macOS versions before 10.13 are affected.
How does this vulnerability affect tvOS?
tvOS versions before 11 are affected.
How does this vulnerability affect watchOS?
watchOS versions before 4 are affected.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is critical with a value of 9.8.
How can I fix this vulnerability?
Updating to version 3.19.3 of SQLite will fix this vulnerability.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following references: [https://support.apple.com/en-us/HT208144](https://support.apple.com/en-us/HT208144), [http://www.securityfocus.com/bid/100987](http://www.securityfocus.com/bid/100987), [http://www.securitytracker.com/id/1039427](http://www.securitytracker.com/id/1039427).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/apple-support
- alias/CVE-2017-7128
- alias/CVE-2017-7129
- alias/CVE-2017-7130
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple ios
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple macos high sierra
- canonical/apple iphone os
- version/apple iphone os/10.3.3
- canonical/apple mac os x
- version/apple mac os x/10.12.6
- version/apple tvos/10.2.2
- version/apple watchos/3.2.3