CVE-2009-2421Improper Input Validation in Apple Safari

CWE-20Improper Input Validation2 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
1.6%
top 18.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedJul 9
Latest updateMay 2

Description

The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapple/safari3.2.3

🔴Vulnerability Details

1
GHSA
GHSA-g7r2-48fm-96cq: The CFCharacterSetInitInlineBuffer method in CoreFoundation2022-05-02