Lucene search

[email protected]CVE-2008-1026

HistoryApr 17, 2008 - 7:05 p.m.

CVE-2008-1026

2008-04-1719:05:00

CWE-119

[email protected]

web.nvd.nist.gov

cve

integer overflow

pcre

apple webkit

safari

code execution

buffer overflow

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.085 Low

EPSS

Percentile

94.4%

JSON

Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.

CPENameOperatorVersion
apple:safariapple safarieq3
apple:safariapple safarieq3.1

CPE	Name	Operator	Version
apple:safari	apple safari	eq	3
apple:safari	apple safari	eq	3.1

References

lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

lists.apple.com/archives/security-announce/2008/Apr/msg00001.html

secunia.com/advisories/29846

secunia.com/advisories/31074

securityreason.com/securityalert/3815

support.apple.com/kb/HT1467

www.securityfocus.com/archive/1/490990/100/0/threaded

www.securityfocus.com/bid/28815

www.securitytracker.com/id?1019870

www.vupen.com/english/advisories/2008/1250/references

www.vupen.com/english/advisories/2008/2094/references

www.zerodayinitiative.com/advisories/ZDI-08-022

exchange.xforce.ibmcloud.com/vulnerabilities/41859

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.085 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2008-1026

securityvulns2 cvelist1 prion1 ubuntucve1 zdi1 debiancve1 nessus2 seebug1