Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3272: Apple Safari vulnerability

CWE-399 | 4 documents | 4 sources
Severity
5.0 MEDIUM (NVD)
EPSS
3.3%
top 12.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Sep 21
Latest update: May 2

Description

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apple/safari, 5 versions +4

🔴 Vulnerability Details (2)

GHSA
GHSA-vmg6-7v27-vwrg: Stack consumption vulnerability in WebKit (2022-05-02)
OSV
CVE-2009-3272: Stack consumption vulnerability in WebKit (2009-09-21)

💥 Exploits & PoCs (1)

Exploit-DB
Apple Safari 3.2.3 (Windows x86) - JavaScript 'eval' Remote Denial of Service (2009-09-09)