CVE-2008-1026 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Safari

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

5.3%

top 9.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedApr 17

Latest updateMay 1

Description

Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDapple/safari3, 3.1+1

Patches

Patch: support.apple.com ↗Patch: www.zerodayinitiative.com ↗Patch: support.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-x8jx-f436-2vp7: Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile↗2022-05-01

▶

📋Vendor Advisories

Red Hat

WebKit: Integer overflow in the PCRE regular expression compiler↗2008-03-28

▶

💬Community

Bugzilla

CVE-2008-1026 WebKit: Integer overflow in the PCRE regular expression compiler↗2008-04-23

▶