9.3

CVE-2009-1687

Exploit

EPSS 7.36%
Published 10.06.2009 14:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."

Affected products Warnungen 0 Metrics 2 CWE 0 References 31

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ Safari Editionmac Version <= 4.0_beta

Apple ≫ Safari Version0.8 Editionmac

Apple ≫ Safari Version0.9 Editionmac

Apple ≫ Safari Version1.0 Editionmac

Apple ≫ Safari Version1.0.3 Editionmac

Apple ≫ Safari Version1.1 Editionmac

Apple ≫ Safari Version1.2 Editionmac

Apple ≫ Safari Version1.3 Editionmac

Apple ≫ Safari Version1.3.1 Editionmac

Apple ≫ Safari Version1.3.2 Editionmac

Apple ≫ Safari Version2.0 Editionmac

Apple ≫ Safari Version2.0.2 Editionmac

Apple ≫ Safari Version2.0.4 Editionmac

Apple ≫ Safari Version3.0 Editionmac

Apple ≫ Safari Version3.0.2 Update- Editionmac

Apple ≫ Safari Version3.0.3 Editionmac

Apple ≫ Safari Version3.0.4 Editionmac

Apple ≫ Safari Version3.1 Editionmac

Apple ≫ Safari Version3.1.1 Editionmac

Apple ≫ Safari Version3.1.2 Editionmac

Apple ≫ Safari Version3.2.1 Editionmac

Apple ≫ Safari Version3.2.3 Editionmac

Apple ≫ Safari Editionwindows Version <= 3.2.3

Apple ≫ Safari Version3.0 Editionwindows

Apple ≫ Safari Version3.0.1 Editionwindows

Apple ≫ Safari Version3.0.2 Editionwindows

Apple ≫ Safari Version3.0.3 Editionwindows

Apple ≫ Safari Version3.0.4 Editionwindows

Apple ≫ Safari Version3.1 Editionwindows

Apple ≫ Safari Version3.1.1 Editionwindows

Apple ≫ Safari Version3.1.2 Editionwindows

Apple ≫ Safari Version3.2 Update- Editionwindows

Apple ≫ Safari Version3.2.1 Editionwindows

Apple ≫ Safari Version3.2.2 Editionwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.36%	0.913

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Vendor Advisory

http://secunia.com/advisories/35379

Vendor Advisory

http://support.apple.com/kb/HT3613

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1522

Patch

Vendor Advisory

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://support.apple.com/kb/HT3639

http://www.vupen.com/english/advisories/2009/1621

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://secunia.com/advisories/43068

http://www.vupen.com/english/advisories/2011/0212

http://secunia.com/advisories/36062

http://secunia.com/advisories/36790

http://secunia.com/advisories/37746

http://www.debian.org/security/2009/dsa-1950

http://www.ubuntu.com/usn/USN-822-1

http://www.ubuntu.com/usn/USN-836-1

http://www.ubuntu.com/usn/USN-857-1

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html

http://www.securityfocus.com/bid/35260

Exploit

http://securitytracker.com/id?1022345

Patch

http://osvdb.org/54985

http://secunia.com/advisories/36057

http://www.mandriva.com/security/advisories?name=MDVSA-2009:330

http://www.securityfocus.com/bid/35309

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html

https://nvd.nist.gov/vuln/detail/CVE-2009-1687

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1687

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1687

EUVD