The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
NONE
Integrity
NONE
Availability
COMPLETE
Apple Mac os x 10.8.5 (not an official CPE)
Apache Software Foundation POI 2.0 pre3
Apache Software Foundation POI 2.0
Apache Software Foundation POI 2.0 Release Candidate 1
Apache Software Foundation POI 2.0 pre1
Apple Mac os x 10.8.5 Supplemental update (not an official CPE)
Apache Software Foundation POI 2.0 pre2
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| APPLE-SA-2013-10-22-3 |