Lucene search

[email protected]NVD:CVE-2009-1687

HistoryJun 10, 2009 - 2:30 p.m.

CVE-2009-1687

2009-06-1014:30:00

CWE-399

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.8%

JSON

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an “offset of a NULL pointer.”

Affected configurations

NVD

Node

applesafariRange≤4.0_betamac

applesafariMatch0.8mac

applesafariMatch0.9mac

applesafariMatch1.0mac

applesafariMatch1.0.3mac

applesafariMatch1.1mac

applesafariMatch1.2mac

applesafariMatch1.3mac

applesafariMatch1.3.1mac

applesafariMatch1.3.2mac

applesafariMatch2.0mac

applesafariMatch2.0.2mac

applesafariMatch2.0.4mac

applesafariMatch3.0mac

applesafariMatch3.0.2-mac

applesafariMatch3.0.3mac

applesafariMatch3.0.4mac

applesafariMatch3.1mac

applesafariMatch3.1.1mac

applesafariMatch3.1.2mac

applesafariMatch3.2.1mac

applesafariMatch3.2.3mac

Node

applesafariRange≤3.2.3windows

applesafariMatch3.0windows

applesafariMatch3.0.1windows

applesafariMatch3.0.2windows

applesafariMatch3.0.3windows

applesafariMatch3.0.4windows

applesafariMatch3.1windows

applesafariMatch3.1.1windows

applesafariMatch3.1.2windows

applesafariMatch3.2-windows

applesafariMatch3.2.1windows

applesafariMatch3.2.2windows

References

lists.apple.com/archives/security-announce/2009/jun/msg00002.html

lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

osvdb.org/54985

secunia.com/advisories/35379

secunia.com/advisories/36057

secunia.com/advisories/36062

secunia.com/advisories/36790

secunia.com/advisories/37746

secunia.com/advisories/43068

securitytracker.com/id?1022345

support.apple.com/kb/HT3613

support.apple.com/kb/HT3639

www.debian.org/security/2009/dsa-1950

www.mandriva.com/security/advisories?name=MDVSA-2009:330

www.securityfocus.com/bid/35260

www.securityfocus.com/bid/35309

www.ubuntu.com/usn/USN-822-1

www.ubuntu.com/usn/USN-836-1

www.ubuntu.com/usn/USN-857-1

www.vupen.com/english/advisories/2009/1522

www.vupen.com/english/advisories/2009/1621

www.vupen.com/english/advisories/2011/0212

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260

www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.8%

JSON

Related for NVD:CVE-2009-1687

ubuntucve1 cvelist1 debiancve1 veracode1 cve1 prion1 openvas41 redhat1 osv4 debian5 nessus23 oraclelinux1 centos1 ubuntu3 fedora10 seebug1