CVE-2008-3632

CWE-3994 documents4 sources

Severity

9.3CRITICAL

EPSS

10.6%

top 6.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone Apple Iphone OS Apple Ipod Touch

Timeline

PublishedSep 11

Latest updateMay 2

Description

Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDapple/ipod_touch8 versions+7

▶NVDapple/iphone6 versions+5

▶NVDapple/iphone_os1.1.1, 1.1.2+1

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-3p8g-7gxj-j8h5: Use-after-free vulnerability in WebKit in Apple iPod touch 1↗2022-05-02

▶

CVEList

CVE-2008-3632: Use-after-free vulnerability in WebKit in Apple iPod touch 1↗2008-09-10

▶

📋Vendor Advisories

Ubuntu

WebKit vulnerability↗2008-11-24

▶