CVE-2009-2795

{"id": "CVE-2009-2795", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-09-10T21:30:01.170", "references": [{"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36677", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3860", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/36341", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53183", "tags": ["VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/36677", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.apple.com/kb/HT3860", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/36341", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53183", "tags": ["VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to \"command parsing.\""}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en el componente Recovery Mode en Apple iPhone OS anterior a v3.1, e iPhone OS anterior a v3.1.1 para iPod touch, permite a usuarios locales evitar el requisito de \"requerir clave\" y acceder a datos de su elecci\u00f3n a trav\u00e9s de vectores relacionados con el \"an\u00e1lisis de comandos\"."}], "lastModified": "2024-11-21T01:05:45.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF765D52-58F5-49F1-8323-2EB7EB5006A5", "versionEndExcluding": "3.1"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:ipod_touch:*:*", "vulnerable": true, "matchCriteriaId": "3935C1A3-3488-465C-ADE2-DC6B31365DC0", "versionEndExcluding": "3.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}