CVE-2007-3944

EPSS 17.87%
Veröffentlicht 23.07.2007 16:30:00
Zuletzt bearbeitet 23.04.2026 00:35:47
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone.  NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ Safari Version3.0

Apple ≫ WebKit

Apple ≫ iPhone OS Version <= 1.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	17.87%	0.95

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://docs.info.apple.com/article.html?artnum=306173

http://secunia.com/advisories/26287

Vendor Advisory

http://www.vupen.com/english/advisories/2007/2731

Vendor Advisory

http://docs.info.apple.com/article.html?artnum=306174

http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin

http://www.securityevaluators.com/iphone/

http://www.securityevaluators.com/iphone/exploitingiphone.pdf

http://www.securityfocus.com/bid/25002

http://www.securitytracker.com/id?1018439

http://www.vupen.com/english/advisories/2007/2730