CVE-2009-1692
Published 2009-06-19
Priority P431 · high · 7.1 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 4.24% (89.8th percentile)
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
Affected
196 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| microsoft | internet_explorer | <= 8 | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| mozilla | firefox | <= 2.0.0.18 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
CVSS provenance
nvd · v2.0 · 7.1 HIGH · AV:N/AC:M/Au:N/C:N/I:N/A:C
osv · 7.1 HIGH
vendor_redhat · 7.1 HIGH
GHSA
CVE-2009-2541 [HIGH] CWE-400 GHSA-8g9h-pmc4-wcr4
ghsa_unreviewed · 2022-05-02 · CVSS 7.1
The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service (memory consumption and console hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
GHSA
CVE-2009-2535 [HIGH] GHSA-75jf-fx6q-2qjm
ghsa_unreviewed · 2022-05-02 · CVSS 7.1
Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
GHSA
CVE-2009-1692 [HIGH] GHSA-9pp9-246q-p846
ghsa_unreviewed · 2022-05-02
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
GHSA
CVE-2009-2542 [HIGH] GHSA-c42p-m5wc-8hf3
ghsa_unreviewed · 2022-05-02 · CVSS 7.1
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
GHSA
CVE-2009-2537 [HIGH] GHSA-hcmh-25x8-w958
ghsa_unreviewed · 2022-05-02 · CVSS 7.1
KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
GHSA
CVE-2009-2538 [HIGH] GHSA-4fg2-8v24-w9hq
ghsa_unreviewed · 2022-05-02 · CVSS 7.1
The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet allow remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
GHSA
CVE-2009-2536 [HIGH] GHSA-jmx7-35p9-v235
ghsa_unreviewed · 2022-05-02 · CVSS 7.1
Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
GHSA
CVE-2009-2539 [HIGH] GHSA-f5f6-2567-gcch
ghsa_unreviewed · 2022-05-02 · CVSS 7.1
The Aigo P8860 allows remote attackers to cause a denial of service (memory consumption and browser hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
GHSA
CVE-2009-2540 [HIGH] CWE-770 GHSA-whgj-f82x-p3xc
ghsa_unreviewed · 2022-05-02 · CVSS 7.1
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
GHSA
CVE-2009-2575 [HIGH] GHSA-qfrh-wqfx-qwvj
ghsa_unreviewed · 2022-05-02 · CVSS 7.1
The Research In Motion (RIM) BlackBerry 8800 allows remote attackers to cause a denial of service (memory consumption and browser crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
OSV
CVE-2009-1692 [HIGH]
osv · 2009-06-19 · CVSS 7.1
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
Red Hat
CVE-2009-2535 [HIGH] Thunderbird: DoS via large length property of a Select object
vendor_redhat · 2009-07-15 · CVSS 7.1
Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Red Hat
CVE-2009-2537 [HIGH] Konqueror: DoS via large length property of a Select object
vendor_redhat · 2009-07-15 · CVSS 7.1
KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Statement: Red Hat does not consider a user-assisted crash of a client application such as Konqueror to be a security issue.
No detection rules found.
Bugzilla
CVE-2009-2535 [HIGH] Firefox, SeaMonkey, Thunderbird: DoS via large length property of a Select object
bugzilla · 2009-07-21 · CVSS 7.1
Common Vulnerabilities and Exposures assigned an identifier of CVE-2009-2535 to
the following vulnerability:
Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and
Thunderbird allow remote attackers to cause a denial of service
(memory consumption and application crash) via a large integer value
for the length property of a Select object, a related issue to
CVE-2009-1692.
References:
http://www.securityfocus.com/archive/1/archive/1/504989/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/504988/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/504969/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/505006/100/0/threaded
http://www.milw0
Bugzilla
CVE-2009-2537 [HIGH] Konqueror: DoS via large length property of a Select object
bugzilla · 2009-07-21 · CVSS 7.1
Common Vulnerabilities and Exposures assigned an identifier of CVE-2009-2537 to
the following vulnerability:
KDE Konqueror allows remote attackers to cause a denial of service
(memory consumption) via a large integer value for the length property
of a Select object, a related issue to CVE-2009-1692.
References:
http://www.securityfocus.com/archive/1/archive/1/504989/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/504988/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/504969/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/505006/100/0/threaded
http://www.milw0rm.com/exploits/9160
http://www.g-sec.lu/one-bug-to-rule-them-all.html
Credit: Thierry Zoller
Proof of Conce
http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://osvdb.org/55242
http://secunia.com/advisories/36977
http://secunia.com/advisories/37746
http://secunia.com/advisories/43068
http://support.apple.com/kb/HT3639
http://www.debian.org/security/2009/dsa-1950
http://www.g-sec.lu/one-bug-to-rule-them-all.html
http://www.securityfocus.com/archive/1/504969/100/0/threaded
http://www.securityfocus.com/archive/1/504988/100/0/threaded
http://www.securityfocus.com/archive/1/504989/100/0/threaded
http://www.securityfocus.com/archive/1/505006/100/0/threaded
http://www.securityfocus.com/bid/35414
http://www.securityfocus.com/bid/35446
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2011/0212
https://bugs.webkit.org/show_bug.cgi?id=23319
https://www.exploit-db.com/exploits/9160
Published: 2009-06-19