Heap-based Buffer Overflow in __sflush Function in stdio Library

Heap-based Buffer Overflow in __sflush Function in stdio Library

CVE-2014-8611 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.

Learn more about our Cis Benchmark Audit For Apple Ios.