Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0050: Use After Free in Apple iPhone OS

CWE-416: Use After Free | 7 documents | 6 sources
Severity: 8.8 HIGH (NVD)
EPSS: 46.4% (top 2.34%)
CISA KEV: Not in KEV
Exploit: PoC available (Public exploit / PoC exists)
Timeline: Published Mar 15 | Latest update May 2

Description

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: apple/safari < 4.0.5
NVD: apple/iphone_os 2.04.0
NVD: opensuse/opensuse 11.2, 11.3 (+1)

Also affects: Fedora 11, 12, 13, Ubuntu Linux 10.04, 10.10, 9.10

Patches

🔴 Vulnerability Details (1)

GHSA: GHSA-x35p-q7vp-559r: Use-after-free vulnerability in WebKit in Apple Safari before 4 (2022-05-02)

💥 Exploits & PoCs (2)

Exploit-DB: QuickTime Streaming Server - 'parse_xml.cgi' Remote Execution (Metasploit) (2010-07-03)
Exploit-DB: Webkit (Apple Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service (2010-04-27)

📋 Vendor Advisories (1)

Red Hat: webkitgtk: multiple security vulnerabilities in WebKit (2010-03-11)

📐 Framework References (1)

CWE: Use After Free

💬 Community (1)

Bugzilla: CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054 qt, webkitgtk: multiple security vulnerabilities in WebKit (2010-03-03)