Lucene search

MitreCVE-2005-4504

HistoryDec 22, 2005 - 11:03 p.m.

CVE-2005-4504

2005-12-2223:03:00

mitre

web.nvd.nist.gov

401

cve-2005-4504

khtml

rendertablesection

ensurerows

denial of service

memory consumption

application crash

safari

textedit

html

rowspan

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

Confidence

Low

EPSS

0.11

Percentile

95.2%

JSON

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.

Affected configurations

Nvd

Node

applesafariMatch1.0

applesafariMatch1.1

applesafariMatch1.2

applesafariMatch1.2.1

applesafariMatch1.2.2

applesafariMatch1.2.3

applesafariMatch1.3

applesafariMatch2.0

applesafariMatch2.0.1

applesafariMatch2.0.2

appletexteditRange≤1.4

Node

applemac_os_xMatch10.0

applemac_os_xMatch10.0.1

applemac_os_xMatch10.0.2

applemac_os_xMatch10.0.3

applemac_os_xMatch10.0.4

applemac_os_xMatch10.1

applemac_os_xMatch10.1.1

applemac_os_xMatch10.1.2

applemac_os_xMatch10.1.3

applemac_os_xMatch10.1.4

applemac_os_xMatch10.1.5

applemac_os_xMatch10.2

applemac_os_xMatch10.2.1

applemac_os_xMatch10.2.2

applemac_os_xMatch10.2.3

applemac_os_xMatch10.2.4

applemac_os_xMatch10.2.5

applemac_os_xMatch10.2.6

applemac_os_xMatch10.2.7

applemac_os_xMatch10.2.8

applemac_os_xMatch10.3

applemac_os_xMatch10.3.1

applemac_os_xMatch10.3.2

applemac_os_xMatch10.3.3

applemac_os_xMatch10.3.4

applemac_os_xMatch10.3.5

applemac_os_xMatch10.3.6

applemac_os_xMatch10.3.7

applemac_os_xMatch10.3.8

applemac_os_xMatch10.3.9

applemac_os_xMatch10.4

applemac_os_xMatch10.4.1

applemac_os_xMatch10.4.2

applemac_os_xMatch10.4.3

applemac_os_x_serverMatch10.0

applemac_os_x_serverMatch10.1

applemac_os_x_serverMatch10.1.1

applemac_os_x_serverMatch10.1.2

applemac_os_x_serverMatch10.1.3

applemac_os_x_serverMatch10.1.4

applemac_os_x_serverMatch10.1.5

applemac_os_x_serverMatch10.2

applemac_os_x_serverMatch10.2.1

applemac_os_x_serverMatch10.2.2

applemac_os_x_serverMatch10.2.3

applemac_os_x_serverMatch10.2.4

applemac_os_x_serverMatch10.2.5

applemac_os_x_serverMatch10.2.6

applemac_os_x_serverMatch10.2.7

applemac_os_x_serverMatch10.2.8

applemac_os_x_serverMatch10.3

applemac_os_x_serverMatch10.3.1

applemac_os_x_serverMatch10.3.2

applemac_os_x_serverMatch10.3.3

applemac_os_x_serverMatch10.3.4

applemac_os_x_serverMatch10.3.5

applemac_os_x_serverMatch10.3.6

applemac_os_x_serverMatch10.3.7

applemac_os_x_serverMatch10.3.8

applemac_os_x_serverMatch10.3.9

applemac_os_x_serverMatch10.4

applemac_os_x_serverMatch10.4.1

applemac_os_x_serverMatch10.4.2

applemac_os_x_serverMatch10.4.3

VendorProductVersionCPE
applesafari1.0cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*
applesafari1.1cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*
applesafari1.2cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*
applesafari1.2.1cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*
applesafari1.2.2cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*
applesafari1.2.3cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*
applesafari1.3cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*
applesafari2.0cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
applesafari2.0.1cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
applesafari2.0.2cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	1.0	cpe:2.3:a:apple:safari:1.0:::::::*
apple	safari	1.1	cpe:2.3:a:apple:safari:1.1:::::::*
apple	safari	1.2	cpe:2.3:a:apple:safari:1.2:::::::*
apple	safari	1.2.1	cpe:2.3:a:apple:safari:1.2.1:::::::*
apple	safari	1.2.2	cpe:2.3:a:apple:safari:1.2.2:::::::*
apple	safari	1.2.3	cpe:2.3:a:apple:safari:1.2.3:::::::*
apple	safari	1.3	cpe:2.3:a:apple:safari:1.3:::::::*
apple	safari	2.0	cpe:2.3:a:apple:safari:2.0:::::::*
apple	safari	2.0.1	cpe:2.3:a:apple:safari:2.0.1:::::::*
apple	safari	2.0.2	cpe:2.3:a:apple:safari:2.0.2:::::::*

Rows per page:

1-10 of 751

References

docs.info.apple.com/article.html?artnum=303382

docs.info.apple.com/jarticle.html?artnum=303382-en

lists.apple.com/archives/security-announce/2006/Mar/msg00000.html

secunia.com/advisories/18220

secunia.com/advisories/19064

security-protocols.com/advisory/sp-x22-advisory.txt

www.kb.cert.org/vuls/id/351217

www.securityfocus.com/bid/16045

www.securityfocus.com/bid/16907

www.us-cert.gov/cas/techalerts/TA06-062A.html

www.vupen.com/english/advisories/2005/3058

www.vupen.com/english/advisories/2006/0791

exchange.xforce.ibmcloud.com/vulnerabilities/23819

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

Confidence

Low

EPSS

0.11

Percentile

95.2%

JSON

Related for CVE-2005-4504