CVE-2013-5172 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2013-5172

CWE

https://cwe.mitre.org/data/definitions/189.html

The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	*	10.8.5 (including)
Mac_os_x	Apple	10.8.0 (including)	10.8.0 (including)
Mac_os_x	Apple	10.8.1 (including)	10.8.1 (including)
Mac_os_x	Apple	10.8.2 (including)	10.8.2 (including)
Mac_os_x	Apple	10.8.3 (including)	10.8.3 (including)
Mac_os_x	Apple	10.8.4 (including)	10.8.4 (including)
Mac_os_x	Apple	10.8.5 (including)	10.8.5 (including)

References

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html