Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4812Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Safari

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
4.1%
top 11.40%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Safari
Timeline
PublishedSep 11
Latest updateMay 1

Description

Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapple/safari3.0.3

🔴Vulnerability Details

1
GHSA
GHSA-wqcv-r5jr-3r2x: Buffer overflow in Apple Safari 32022-05-01

💥Exploits & PoCs

1
Exploit-DB
Apple Safari 3.0.x for Windows - 'Document.Location.Hash' Buffer Overflow2007-06-25