Vulnerability Details : CVE-2014-4442
The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-4442
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-4442
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.7
|
MEDIUM | AV:L/AC:M/Au:N/C:N/I:N/A:C |
3.4
|
6.9
|
NIST |
CWE ids for CVE-2014-4442
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4442
-
http://www.securitytracker.com/id/1031063
Apple OS X Multiple Flaws Let Users Execute Arbitrary Code, Obtain Elevated Privileges, Bypass Security Restrictions, and Obtain Potentially Sensitive Information - SecurityTracker
-
https://support.apple.com/kb/HT6535
About the security content of OS X Yosemite v10.10 - Apple SupportVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/97632
Apple Mac OS X system control sockets denial of service CVE-2014-4442 Vulnerability Report
-
http://www.securityfocus.com/bid/70624
Apple Mac OS X CVE-2014-4442 System Control Sockets Local Denial of Service Vulnerability
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
Products affected by CVE-2014-4442
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*