Lucene search
Charlie Miller, Jake Honoroff and Mark DanielZDI-08-022HistoryApr 16, 2008 - 12:00 a.m.
Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
2008-04-1600:00:00
Charlie Miller, Jake Honoroff and Mark Daniel
www.zerodayinitiative.com
16
EPSS
0.099
Percentile
94.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in WebKit. When nesting regular expressions with large repetitions, a heap overflow occurs resulting in a condition allowing the execution of arbitrary code.
References
Related
prion
prion
Integer overflow
2008-04-17 19:05:00
securityvulns
securityvulns
ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
2008-04-17 00:00:00
PCRE library buffer overflow
2008-04-17 00:00:00
ubuntucve
ubuntucve
CVE-2008-1026
2008-04-17 00:00:00
cvelist
cvelist
CVE-2008-1026
2008-04-17 17:00:00
cve
cve
CVE-2008-1026
2008-04-17 19:05:00
debiancve
debiancve
CVE-2008-1026
2008-04-17 19:05:00
nvd
nvd
CVE-2008-1026
2008-04-17 19:05:00
nessus
nessus
Mac OS X : Apple Safari < 3.1.1
2008-04-18 00:00:00
Safari < 3.1.1 Multiple Vulnerabilities
2008-04-18 00:00:00
seebug
seebug
Apple Safari 3.1.1版本修复多个安全漏洞
2008-04-18 00:00:00