CVE-2008-2307 — Out-of-bounds Write in Apple Safari

CWE-399 CWE-1898 documents4 sources

Severity

10.0CRITICALNVD

NVD9.3

EPSS

10.3%

top 6.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedJun 23

Latest updateMay 2

Description

Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/safari3.1.1+6

Patches

Patch: lists.apple.com ↗Patch: www.securityfocus.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-4m5c-wmrf-g2j6: Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (applic↗2022-05-02

▶

GHSA

GHSA-9622-pfwg-vcxc: Integer signedness error in Safari on Apple iPhone before 2↗2022-05-01

▶

GHSA

GHSA-2whf-mx89-7886: Unspecified vulnerability in WebKit in Apple Safari before 3↗2022-05-01

▶

📋Vendor Advisories

Red Hat

WebKit: memory corruption in handling of JavaScript arrays↗2008-06-19

▶

💬Community

Bugzilla

CVE-2008-2307 WebKit: memory corruption in handling of JavaScript arrays↗2008-07-04

▶