Lucene search

K

[email protected]NVD:CVE-2008-1026

HistoryApr 17, 2008 - 7:05 p.m.

CVE-2008-1026

2008-04-1719:05:00

CWE-119

[email protected]

web.nvd.nist.gov

6

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.099

Percentile

94.9%

Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.

Affected configurations

Nvd

Node

applemac_os_xMatch10.4.11

OR

applemac_os_xMatch10.5.2

OR

applemac_os_x_serverMatch10.4.11

OR

applemac_os_x_serverMatch10.5.2

OR

microsoftwindows_vista

OR

microsoftwindows_xp

AND

applesafariMatch3

OR

applesafariMatch3.1

References

lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

lists.apple.com/archives/security-announce/2008/Apr/msg00001.html

secunia.com/advisories/29846

secunia.com/advisories/31074

securityreason.com/securityalert/3815

support.apple.com/kb/HT1467

www.securityfocus.com/archive/1/490990/100/0/threaded

www.securityfocus.com/bid/28815

www.securitytracker.com/id?1019870

www.vupen.com/english/advisories/2008/1250/references

www.vupen.com/english/advisories/2008/2094/references

www.zerodayinitiative.com/advisories/ZDI-08-022

exchange.xforce.ibmcloud.com/vulnerabilities/41859

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.099

Percentile

94.9%

Related for NVD:CVE-2008-1026

prion1 cvelist1 securityvulns2 ubuntucve1 zdi1 cve1 debiancve1 nessus2 seebug1