Buffer overflow in Apple Mac_os_x

CVE-2015-4290

The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.

Vulnerability class: Buffer Overflow

EPSS: 0.001 (24.9th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x
Cisco Anyconnect_secure_mobility_client — versions 4.0\(2049\)
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

1033113 (vdb-entry, x_refsource_SECTRACK)
20150728 Cisco AnyConnect Secure Mobility Client Local Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)