VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 19, 2013· Updated Apr 29, 2026

CVE-2013-5138

CVE-2013-5138

Description

A NULL pointer dereference in IOCatalogue of IOKitUser in Apple iOS before 7 allows a crafted application to crash the device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in IOCatalogue of IOKitUser in Apple iOS before 7 allows a crafted application to crash the device.

Vulnerability

The vulnerability resides in the IOCatalogue component of IOKitUser in Apple iOS versions prior to 7. A crafted application can trigger a NULL pointer dereference, leading to a denial of service by causing the device to crash. The issue affects iPhone 4 and later, iPod touch (5th generation) and later, and iPad 2 and later running iOS versions before 7.

Exploitation

An attacker must craft a malicious application that, when executed on the target device, triggers the NULL pointer dereference in IOCatalogue. The attacker requires the ability to run the application on the device, either by social engineering or through distribution via the App Store (if the app passes review) or via enterprise provisioning. No additional authentication or special privileges beyond the standard app sandbox are needed.

Impact

Successful exploitation results in a denial of service: the device crashes due to a NULL pointer dereference. This can lead to temporary unavailability of the device and potential loss of unsaved data. No code execution or data disclosure is reported for this vulnerability.

Mitigation

Apple addressed this issue in iOS 7, released on September 18, 2013 [1]. Users should update their devices to iOS 7 or later to prevent exploitation. No workarounds are documented for devices that cannot be updated.

References
  1. About the security content of iOS 7 - Apple Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

49
  • Apple Inc./Iphone OS48 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 47 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=6.1.4
    • cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*
  • Apple Inc./iOSllm-fuzzy
    Range: <7

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.