Lucene search

[email protected]CVE-2009-0945

HistoryMay 13, 2009 - 5:30 p.m.

CVE-2009-0945

2009-05-1317:30:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2009-0945

webkit

apple safari

iphone os

ipod touch

google chrome

remote code execution

memory corruption

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.068 Low

EPSS

Percentile

93.9%

JSON

Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.

Affected configurations

NVD

Node

applemac_os_xMatch10.4.11

applemac_os_xMatch10.5.0

applemac_os_xMatch10.5.1

applemac_os_xMatch10.5.2

applemac_os_xMatch10.5.3

applemac_os_xMatch10.5.4

applemac_os_xMatch10.5.5

applemac_os_xMatch10.5.6

applemac_os_x_serverMatch10.4.11

applemac_os_x_serverMatch10.5.0

applemac_os_x_serverMatch10.5.1

applemac_os_x_serverMatch10.5.2

applemac_os_x_serverMatch10.5.3

applemac_os_x_serverMatch10.5.4

applemac_os_x_serverMatch10.5.6

microsoftwindows_vista

microsoftwindows_xp

AND

applesafariRange≤3.2.2

applesafariMatch0.8

applesafariMatch0.9

applesafariMatch1.0

applesafariMatch1.0beta

applesafariMatch1.0beta2

applesafariMatch1.0.0

applesafariMatch1.0.0b1

applesafariMatch1.0.0b2

applesafariMatch1.0.1

applesafariMatch1.0.2

applesafariMatch1.0.3

applesafariMatch1.0.385.8

applesafariMatch1.0.385.8.1

applesafariMatch1.1

applesafariMatch1.1.0

applesafariMatch1.1.1

applesafariMatch1.2

applesafariMatch1.2.0

applesafariMatch1.2.1

applesafariMatch1.2.2

applesafariMatch1.2.3

applesafariMatch1.2.4

applesafariMatch1.2.5

applesafariMatch1.3

applesafariMatch1.3.0

applesafariMatch1.3.1

applesafariMatch1.3.2

applesafariMatch1.3.2312.5

applesafariMatch1.3.2312.6

applesafariMatch2

applesafariMatch2.0

applesafariMatch2.0.0

applesafariMatch2.0.1

applesafariMatch2.0.2

applesafariMatch2.0.3

applesafariMatch2.0.3417.8

applesafariMatch2.0.3417.9

applesafariMatch2.0.3417.9.2

applesafariMatch2.0.4

applesafariMatch3

applesafariMatch3.0

applesafariMatch3.0.0

applesafariMatch3.0.1

applesafariMatch3.0.2

applesafariMatch3.0.3

applesafariMatch3.0.4

applesafariMatch3.1

applesafariMatch3.1.0

applesafariMatch3.1.1

applesafariMatch3.1.2

applesafariMatch3.2

applesafariMatch3.2.0

applesafariMatch3.2.1

applesafariMatch4.0beta

CPENameOperatorVersion
apple:safariapple safarile3.2.2
apple:safariapple safarieq0.8
apple:safariapple safarieq0.9
apple:safariapple safarieq1.0
apple:safariapple safarieq1.0.0
apple:safariapple safarieq1.0.0b1
apple:safariapple safarieq1.0.0b2
apple:safariapple safarieq1.0.1
apple:safariapple safarieq1.0.2
apple:safariapple safarieq1.0.3

CPE	Name	Operator	Version
apple:safari	apple safari	le	3.2.2
apple:safari	apple safari	eq	0.8
apple:safari	apple safari	eq	0.9
apple:safari	apple safari	eq	1.0
apple:safari	apple safari	eq	1.0.0
apple:safari	apple safari	eq	1.0.0b1
apple:safari	apple safari	eq	1.0.0b2
apple:safari	apple safari	eq	1.0.1
apple:safari	apple safari	eq	1.0.2
apple:safari	apple safari	eq	1.0.3

Rows per page:

1-10 of 461

References

code.google.com/p/chromium/issues/detail?id=9019

googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html

lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

lists.apple.com/archives/security-announce/2009/May/msg00000.html

lists.apple.com/archives/security-announce/2009/May/msg00001.html

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/35056

secunia.com/advisories/35074

secunia.com/advisories/35095

secunia.com/advisories/35576

secunia.com/advisories/35805

secunia.com/advisories/36062

secunia.com/advisories/36461

secunia.com/advisories/36790

secunia.com/advisories/37746

secunia.com/advisories/43068

support.apple.com/kb/HT3549

support.apple.com/kb/HT3550

support.apple.com/kb/HT3639

www.debian.org/security/2009/dsa-1950

www.redhat.com/support/errata/RHSA-2009-1130.html

www.securityfocus.com/archive/1/503594/100/0/threaded

www.securityfocus.com/bid/34924

www.securitytracker.com/id?1022207

www.ubuntu.com/usn/USN-822-1

www.ubuntu.com/usn/USN-836-1

www.ubuntu.com/usn/USN-857-1

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/1298

www.vupen.com/english/advisories/2009/1321

www.vupen.com/english/advisories/2009/1621

www.vupen.com/english/advisories/2011/0212

www.zerodayinitiative.com/advisories/ZDI-09-022

exchange.xforce.ibmcloud.com/vulnerabilities/50477

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11584

usn.ubuntu.com/823-1/

www.redhat.com/archives/fedora-package-announce/2009-July/msg00303.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.068 Low

EPSS

Percentile

93.9%

JSON

Related for CVE-2009-0945

nessus22 zdi1 openvas31 fedora3 veracode1 securityvulns3 nvd1 cvelist1 ubuntucve1 debiancve1 chrome1 prion1 redhat1 ubuntu4 debian4 centos1 osv3 altlinux2