CVE-2010-3257 — Use After Free in Apple Iphone OS

CWE-416 — Use After Free CWE-825 — Expired Pointer Dereference6 documents5 sources

Severity

9.3CRITICALNVD

EPSS

10.3%

top 6.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari Google Chrome +2 more

Timeline

PublishedSep 7

Latest updateMay 13

Description

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDapple/safari5.0 — 5.0.3+1

▶NVDgoogle/chrome< 6.0.472.53

▶NVDwebkitgtk/webkitgtk< 1.2.6

▶NVDapple/iphone_os< 4.2

Also affects: Ubuntu Linux 10.04, 10.10, 9.10

🔴Vulnerability Details

GHSA

GHSA-rp6m-p8jm-p6fq: Use-after-free vulnerability in WebKit, as used in Apple Safari before 4↗2022-05-13

▶

📋Vendor Advisories

Red Hat

webkit: stale pointer issue with focusing↗2010-09-02

▶

📐Framework References

CWE

Expired Pointer Dereference↗

▶

💬Community

Bugzilla

CVE-2010-3257 webkit: stale pointer issue with focusing↗2010-10-05

▶

Bugzilla

CVE-2010-3113 CVE-2010-1814 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259 webkitgtk various flaws [fedora-all]↗2010-10-05

▶