Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-1303 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Safari

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow6 documents5 sources

Severity

10.0CRITICALNVD

EPSS

44.8%

top 2.41%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Safari

Timeline

PublishedMar 26

Latest updateMay 17

Description

Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/safari7.0.2

🔴Vulnerability Details

GHSA

GHSA-j8m8-7p44-642f: Heap-based buffer overflow in Apple Safari 7↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow↗2017-08-19

▶

Exploit-DB

Sony Playstation 4 (PS4) < 2.50 - WebKit Code Execution (PoC)↗2016-04-21

▶

📋Vendor Advisories

Red Hat

webkitgtk: heap-based buffer overflow (WSA-2015-0001)↗2015-01-26

▶

💬Community

Bugzilla

CVE-2014-1303 webkitgtk: heap-based buffer overflow (WSA-2015-0001)↗2015-01-27

▶