CVE-2014-1386 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Safari

Severity: 6.8 MEDIUM (NVD)
EPSS: 1.5% (top 18.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 14
Latest update: May 17

Description

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: apple/safari 6.1.5 +17

🔴 Vulnerability Details (2)

GHSA: GHSA-7c48-8344-47v4: WebKit, as used in Apple Safari before 6 (2022-05-17)
OSV: CVE-2014-1386: WebKit, as used in Apple Safari before 6 (2014-08-14)

📋 Vendor Advisories (1)

Red Hat: webkitgtk: arbitrary code execution and denial of service (2014-11-08)

💬 Community (3)

Bugzilla: CVE-2014-1344 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386 CVE-2014-1387 CVE-2014-1388 CVE-2014-1389 CVE-2014-1390 webkitgtk: arbitrary code execution and denial of service [fedora-21] (2015-01-12)
Bugzilla: CVE-2014-1386 webkitgtk: arbitrary code execution and denial of service (2015-01-12)
Bugzilla: CVE-2013-2871 CVE-2014-1388 CVE-2014-1299 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386 CVE-2014-1387 CVE-2014-1344 CVE-2014-1298 CVE-2013-2927 CVE-2014-1297 CVE-2014-1390 CVE-2014-1292 CVE-2014-1389 CVE- (2015-01-12)