{"vuid":"VU#143335","idnumber":"143335","name":"mDNSResponder contains multiple memory-based vulnerabilities","keywords":["mdns","unix","android","apple"],"overview":"mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder version 379.27 and above prior to version 625.41.2 is vulnerable to several buffer overflow vulnerabilities, as well as a null pointer dereference.","clean_desc":"CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-7987 Improper bounds checking in \"GetValueForIPv4Addr()\", \"GetValueForMACAddr()\", \"rfc3110_import()\", and \"CopyNSEC3ResourceRecord()\" functions may allow an attacker to read or write memory. CWE-476: NULL Pointer Dereference - CVE-2015-7988 Improper input validation in \"handle_regservice_request()\" may allow an attacker to execute arbitrary code or cause a denial of service. Apple has also issued a security advisory for these issues. mDNSResponder-379.27 and later before mDNSResponder-625.41.2 are vulnerable to both issues. The CVSS score below is based on CVE-2015-7987.","impact":"A remote attacker may be able to execute arbitrary code or cause a denial of service on the system running mDNSResponder.","resolution":"Apply an update mDNSResponder 625.41.2 has been released to address these issues. Affected users should update as soon as possible.","workarounds":"","sysaffected":"","thanks":"Thanks to Apple for reporting this issue to us and working with us to coordinate the fix with vendors.","author":"This document was written by Garret Wassermann.","public":["https://support.apple.com/en-us/HT206846","http://www.opensource.apple.com/tarballs/mDNSResponder/","https://developer.apple.com/bonjour/","http://cwe.mitre.org/data/definitions/120.html","http://cwe.mitre.org/data/definitions/476.html"],"cveids":["CVE-2015-7987","CVE-2015-7988"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-10-16T16:20:33Z","publicdate":"2016-06-20T00:00:00Z","datefirstpublished":"2016-06-20T22:45:44Z","dateupdated":"2016-06-20T23:38:49Z","revision":83,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.8","cvss_basevector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","cvss_temporalscore":"5.3","cvss_environmentalscore":"4.00641675301744","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}