CVE-2016-10226 — Out-of-bounds Read in Apple Safari

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedApr 3

Latest updateMay 17

Description

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDapple/safari18

🔴Vulnerability Details

GHSA

GHSA-w3r5-2wf8-7h7g: JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-o↗2022-05-17

▶

OSV

CVE-2016-10226: JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-o↗2017-04-03

▶