CVE-2010-0924Heap-based Buffer Overflow in Apple Safari

CWE-122Heap-based Buffer Overflow4 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.7%
top 27.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedMar 3
Latest updateMay 2

Description

cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapple/safari4.0.3, 4.0.4+1

🔴Vulnerability Details

1
GHSA
GHSA-4q7x-c564-25jq: cfnetwork2022-05-02

📋Vendor Advisories

2
Red Hat
Wireshark: Heap-based buffer overflow in LDSS dissector2010-11-18
Red Hat
wireshark: stack overflow in BER dissector2010-09-13