CVE-2024-27876

{"id": "CVE-2024-27876", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-09-17T00:15:48.127", "references": [{"url": "https://support.apple.com/en-us/121234", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/121238", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/121246", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/121247", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/121249", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/121250", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/32", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/33", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/36", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/39", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/40", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/41", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-362"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files."}, {"lang": "es", "value": "Se solucion\u00f3 una condici\u00f3n de ejecuci\u00f3n mejorando el bloqueo. Este problema se solucion\u00f3 en macOS Ventura 13.7, iOS 17.7 y iPadOS 17.7, visionOS 2, iOS 18 y iPadOS 18, macOS Sonoma 14.7 y macOS Sequoia 15. Descomprimir un archivo manipulado con fines malintencionados puede permitir que un atacante escriba archivos arbitrarios."}], "lastModified": "2025-11-04T17:15:48.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "064488F4-456F-4C5D-B325-4F1FCDF2D432", "versionEndExcluding": "17.7"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8542FD9-368A-4A38-965E-47AE279208F1", "versionEndExcluding": "17.7"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74C58F2C-DE4F-45E9-A5C0-CDF8B666EB4E", "versionEndExcluding": "13.7", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06F1EED8-2BB5-4768-908B-83AF76DE7B5F", "versionEndExcluding": "14.7", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6AE7B0F-C356-4601-9636-617CDD09F009", "versionEndExcluding": "2.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}