CVE-2009-3272

2009-09-2119:30:00

CWE-399

mitre

web.nvd.nist.gov

cve

2009

3272

webkit

apple safari

vulnerability

denial of service

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

8.2

Confidence

High

EPSS

0.627

Percentile

97.9%

JSON

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.

Affected configurations

Nvd

Node

applesafariMatch3.2.3

applesafariMatch4.0

applesafariMatch4.0beta

applesafariMatch4.0.0b

applesafariMatch4.0.2

applesafariMatch4.0.3

VendorProductVersionCPE
applesafari3.2.3cpe:2.3:a:apple:safari:3.2.3:*:*:*:*:*:*:*
applesafari4.0cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
applesafari4.0cpe:2.3:a:apple:safari:4.0:beta:*:*:*:*:*:*
applesafari4.0.0bcpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
applesafari4.0.2cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
applesafari4.0.3cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	3.2.3	cpe:2.3:a:apple:safari:3.2.3:::::::*
apple	safari	4.0	cpe:2.3:a:apple:safari:4.0:::::::*
apple	safari	4.0	cpe:2.3:a:apple:safari:4.0:beta::::::
apple	safari	4.0.0b	cpe:2.3:a:apple:safari:4.0.0b:::::::*
apple	safari	4.0.2	cpe:2.3:a:apple:safari:4.0.2:::::::*
apple	safari	4.0.3	cpe:2.3:a:apple:safari:4.0.3:::::::*