CVE-2014-1331 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Safari

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
1.8%
top 17.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedMay 22
Latest updateMay 17

Description

WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

â–¶NVDapple/safari6.1.3+13

🔴Vulnerability Details

2
GHSA
GHSA-fjcm-m87j-p948: WebKit, as used in Apple Safari before 6↗2022-05-17
â–¶
OSV
CVE-2014-1331: WebKit, as used in Apple Safari before 6↗2014-05-22
â–¶

💥Exploits & PoCs

3
Exploit-DB
Seagate BlackArmor NAS sg2000-2000.1331 - Cross-Site Request Forgery↗2014-01-06
â–¶
Exploit-DB
Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross-Site Scripting Vulnerabilities↗2014-01-06
â–¶
Exploit-DB
Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution↗2014-01-06
â–¶

📋Vendor Advisories

1
Red Hat
webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-26
â–¶

💬Community

1
Bugzilla
CVE-2014-1331 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-27
â–¶
CVE-2014-1331 — Apple Safari vulnerability | cvebase