CVE-2010-3812 — Integer Overflow or Wraparound in Apple Safari

CWE-189 CWE-190 — Integer Overflow or Wraparound7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

2.5%

top 14.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedNov 22

Latest updateMay 17

Description

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/safari5.0.2+52

Patches

Patch: support.apple.com ↗Patch: support.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-5p66-5j6r-4m29: Integer overflow in the Text::wholeText method in dom/Text↗2022-05-17

▶

OSV

CVE-2010-3812: Integer overflow in the Text::wholeText method in dom/Text↗2010-11-22

▶

📋Vendor Advisories

Ubuntu

WebKit vulnerabilities↗2011-08-23

▶

Red Hat

webkit: Integer overflow in WebKit's handling of Text objects↗2010-01-01

▶

💬Community

Bugzilla

CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206 CVE-2010-3812 CVE-2010-3813 CVE-2010-4577 CVE-2010-3255 CVE-2010-3119 webkitgtk various flaws [fedora-13]↗2011-01-04

▶

Bugzilla

CVE-2010-3812 webkit: Integer overflow in WebKit's handling of Text objects↗2011-01-04

▶