Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3950Off-by-one Error in Apple Iphone

CWE-1894 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
6.5%
top 8.86%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apple IphoneApple Ipod Touch
Timeline
PublishedSep 16
Latest updateMay 2

Description

Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDapple/ipod_touch1.1.4, 2.0+1
NVDapple/iphone1.1.4, 2.0+1

Patches

Patch: www.coresecurity.comPatch: www.securityfocus.comPatch: www.coresecurity.com

🔴Vulnerability Details

2
GHSA
GHSA-rg6c-5mr3-37m9: Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 12022-05-02
CVEList
CVE-2008-3950: Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 12008-09-16

💥Exploits & PoCs

1
Exploit-DB
Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Remote Denial of Service2008-09-12
CVE-2008-3950 — Off-by-one Error in Apple Iphone | cvebase