CVE-2014-4371

Name: CVE-2014-4371
Creator: NVD / NIST
Published: 2014-09-18T10:55:09.14+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.41%

Last modified Jun 17, 2026

CVE-2014-4371 is a vulnerability of currently unknown severity. The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.. EPSS estimates a 0.41% chance of exploitation in the next 30 days.

Description

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.

Metrics

EPSS Probability

0.41%

32.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-665

Affected Software

Vendor	Product	Versions
Apple	Tvos	<= 6.2
Apple	Tvos	6.0
Apple	Tvos	6.0.1
Apple	Tvos	6.0.2
Apple	Tvos	6.1
Apple	Tvos	6.1.1
Apple	Tvos	6.1.2
Apple	Mac Os X	<= 10.9.5
Apple	Iphone Os	<= 7.1.2
Apple	Iphone Os	7.0
Apple	Iphone Os	7.0.1
Apple	Iphone Os	7.0.2
Apple	Iphone Os	7.0.3
Apple	Iphone Os	7.0.4
Apple	Iphone Os	7.0.5
Apple	Iphone Os	7.0.6
Apple	Iphone Os	7.1
Apple	Iphone Os	7.1.1

References

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.htmlThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.htmlThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlThird Party Advisory
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlMailing List, Vendor Advisory
http://support.apple.com/HT204244Vendor Advisory
http://support.apple.com/kb/HT6441Vendor Advisory
http://support.apple.com/kb/HT6442Vendor Advisory
http://www.securityfocus.com/bid/69882Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/69919Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1030866Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/96100VDB Entry
https://support.apple.com/kb/HT6535Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.htmlThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.htmlThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlThird Party Advisory
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlMailing List, Vendor Advisory
http://support.apple.com/HT204244Vendor Advisory
http://support.apple.com/kb/HT6441Vendor Advisory
http://support.apple.com/kb/HT6442Vendor Advisory
http://www.securityfocus.com/bid/69882Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/69919Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1030866Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/96100VDB Entry
https://support.apple.com/kb/HT6535Vendor Advisory

Timeline

Published: Sep 18, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-4371?

How severe is CVE-2014-4371?

Severity scoring for CVE-2014-4371 is pending analysis. The EPSS model estimates a 0.41% probability of exploitation in the next 30 days.

How do I fix CVE-2014-4371?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-4371?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST