Vulnerability-Lookup

CVE-2009-1687 (GCVE-0-2009-1687)

Vulnerability from cvelistv5 – Published: 2009-06-10 14:00 – Updated: 2024-08-07 05:20

Summary

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://osvdb.org/54985	vdb-entryx_refsource_OSVDB
	http://www.ubuntu.com/usn/USN-822-1	vendor-advisoryx_refsource_UBUNTU
	http://support.apple.com/kb/HT3639	x_refsource_CONFIRM
	http://secunia.com/advisories/43068	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.vupen.com/english/advisories/2009/1621	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2011/0212	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securityfocus.com/bid/35260	vdb-entryx_refsource_BID
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.securityfocus.com/bid/35309	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2009/1522	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/37746	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1022345	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/36790	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.debian.org/security/2009/dsa-1950	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/35379	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/36062	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-857-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/36057	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://support.apple.com/kb/HT3613	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-836-1	vendor-advisoryx_refsource_UBUNTU
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:20:35.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "54985",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54985"
          },
          {
            "name": "USN-822-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-822-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3639"
          },
          {
            "name": "43068",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "FEDORA-2009-8039",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
          },
          {
            "name": "MDVSA-2009:330",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
          },
          {
            "name": "ADV-2009-1621",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1621"
          },
          {
            "name": "ADV-2011-0212",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "APPLE-SA-2009-06-08-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
          },
          {
            "name": "35260",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35260"
          },
          {
            "name": "FEDORA-2009-8046",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
          },
          {
            "name": "35309",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35309"
          },
          {
            "name": "ADV-2009-1522",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1522"
          },
          {
            "name": "37746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37746"
          },
          {
            "name": "1022345",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022345"
          },
          {
            "name": "36790",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36790"
          },
          {
            "name": "APPLE-SA-2009-06-17-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10260",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260"
          },
          {
            "name": "DSA-1950",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1950"
          },
          {
            "name": "SUSE-SR:2011:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "35379",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35379"
          },
          {
            "name": "36062",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36062"
          },
          {
            "name": "USN-857-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-857-1"
          },
          {
            "name": "36057",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36057"
          },
          {
            "name": "FEDORA-2009-8049",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3613"
          },
          {
            "name": "USN-836-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-836-1"
          },
          {
            "name": "FEDORA-2009-8020",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an \"offset of a NULL pointer.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "54985",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54985"
        },
        {
          "name": "USN-822-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-822-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3639"
        },
        {
          "name": "43068",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43068"
        },
        {
          "name": "FEDORA-2009-8039",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
        },
        {
          "name": "MDVSA-2009:330",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
        },
        {
          "name": "ADV-2009-1621",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1621"
        },
        {
          "name": "ADV-2011-0212",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0212"
        },
        {
          "name": "APPLE-SA-2009-06-08-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
        },
        {
          "name": "35260",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35260"
        },
        {
          "name": "FEDORA-2009-8046",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
        },
        {
          "name": "35309",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35309"
        },
        {
          "name": "ADV-2009-1522",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1522"
        },
        {
          "name": "37746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37746"
        },
        {
          "name": "1022345",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022345"
        },
        {
          "name": "36790",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36790"
        },
        {
          "name": "APPLE-SA-2009-06-17-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10260",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260"
        },
        {
          "name": "DSA-1950",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1950"
        },
        {
          "name": "SUSE-SR:2011:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
        },
        {
          "name": "35379",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35379"
        },
        {
          "name": "36062",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36062"
        },
        {
          "name": "USN-857-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-857-1"
        },
        {
          "name": "36057",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36057"
        },
        {
          "name": "FEDORA-2009-8049",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3613"
        },
        {
          "name": "USN-836-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-836-1"
        },
        {
          "name": "FEDORA-2009-8020",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1687",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an \"offset of a NULL pointer.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "54985",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54985"
            },
            {
              "name": "USN-822-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-822-1"
            },
            {
              "name": "http://support.apple.com/kb/HT3639",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3639"
            },
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "FEDORA-2009-8039",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
            },
            {
              "name": "MDVSA-2009:330",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
            },
            {
              "name": "ADV-2009-1621",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1621"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "APPLE-SA-2009-06-08-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
            },
            {
              "name": "35260",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35260"
            },
            {
              "name": "FEDORA-2009-8046",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
            },
            {
              "name": "35309",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35309"
            },
            {
              "name": "ADV-2009-1522",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1522"
            },
            {
              "name": "37746",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37746"
            },
            {
              "name": "1022345",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022345"
            },
            {
              "name": "36790",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36790"
            },
            {
              "name": "APPLE-SA-2009-06-17-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10260",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260"
            },
            {
              "name": "DSA-1950",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1950"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "35379",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35379"
            },
            {
              "name": "36062",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36062"
            },
            {
              "name": "USN-857-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-857-1"
            },
            {
              "name": "36057",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36057"
            },
            {
              "name": "FEDORA-2009-8049",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3613",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3613"
            },
            {
              "name": "USN-836-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-836-1"
            },
            {
              "name": "FEDORA-2009-8020",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1687",
    "datePublished": "2009-06-10T14:00:00.000Z",
    "dateReserved": "2009-05-20T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:20:35.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-223

Vulnerability from certfr_avis - Published: 2009-06-10 - Updated: 2009-06-10

De multiples vulnérabilités dans Apple Safari permettant, entre autre, l'exécution de code arbitraire à distance ont été corrigées.

Description

De multiples vulnérabilités dans Apple Safari ont été corrigées dont :

Des images identifiées comme des fichiers HTML permettent l'exécution automatique de Javascript ;
plusieurs corruptions mémoire affectant le composant CoreGraphics permettent l'exécution de code arbitraire (Microsoft Windows) à distance ;
plusieurs vulnérabilités affectent le composant WebKit et permettent, entre autre, des attaques en XSS ou l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions de Safari antérieures à 4.0 pour les systèmes d'exploitation suivants :

Mac OS X 10.4.x ;
Mac OS X 10.5.x ;
Mac OS X Server 10.4.x ;
Mac OS X Server 10.5.x ;
Windows XP ;
Windows Vista.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3613 du 8 juin 2009	None	vendor-advisory
Bulletin de sécurité Apple HT3613 du 08 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes versions de Safari ant\u00e9rieures \u00e0  4.0 pour les syst\u00e8mes d\u0027exploitation suivants :  \u003cUL\u003e    \u003cLI\u003eMac OS X 10.4.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X 10.5.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X Server 10.4.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X Server 10.5.x ;\u003c/LI\u003e    \u003cLI\u003eWindows XP ;\u003c/LI\u003e    \u003cLI\u003eWindows Vista.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans Apple Safari ont \u00e9t\u00e9 corrig\u00e9es dont :\n\n-   Des images identifi\u00e9es comme des fichiers HTML permettent\n    l\u0027ex\u00e9cution automatique de Javascript ;\n-   plusieurs corruptions m\u00e9moire affectant le composant CoreGraphics\n    permettent l\u0027ex\u00e9cution de code arbitraire (Microsoft Windows) \u00e0\n    distance ;\n-   plusieurs vuln\u00e9rabilit\u00e9s affectent le composant WebKit et\n    permettent, entre autre, des attaques en XSS ou l\u0027ex\u00e9cution de code\n    arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2783"
    },
    {
      "name": "CVE-2009-1702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1702"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2009-1697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1697"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-1710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1710"
    },
    {
      "name": "CVE-2009-1694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1694"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2009-1686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1686"
    },
    {
      "name": "CVE-2009-1688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1688"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2009-1685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1685"
    },
    {
      "name": "CVE-2009-1696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1696"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2009-1707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1707"
    },
    {
      "name": "CVE-2009-1709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1709"
    },
    {
      "name": "CVE-2009-1708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1708"
    },
    {
      "name": "CVE-2009-1704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1704"
    },
    {
      "name": "CVE-2009-1698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1698"
    },
    {
      "name": "CVE-2009-1701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1701"
    },
    {
      "name": "CVE-2009-1682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1682"
    },
    {
      "name": "CVE-2009-1693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1693"
    },
    {
      "name": "CVE-2009-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1684"
    },
    {
      "name": "CVE-2009-1705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1705"
    },
    {
      "name": "CVE-2009-1703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1703"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2009-1712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1712"
    },
    {
      "name": "CVE-2009-1714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1714"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2009-1695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1695"
    },
    {
      "name": "CVE-2008-3632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3632"
    },
    {
      "name": "CVE-2009-1681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1681"
    },
    {
      "name": "CVE-2009-1718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1718"
    },
    {
      "name": "CVE-2008-1588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1588"
    },
    {
      "name": "CVE-2008-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4409"
    },
    {
      "name": "CVE-2009-1691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1691"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2009-1179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1179"
    },
    {
      "name": "CVE-2009-1689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1689"
    },
    {
      "name": "CVE-2009-1687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1687"
    },
    {
      "name": "CVE-2009-1713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1713"
    },
    {
      "name": "CVE-2009-1699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1699"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-1716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1716"
    },
    {
      "name": "CVE-2009-1706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1706"
    },
    {
      "name": "CVE-2009-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1700"
    },
    {
      "name": "CVE-2009-1690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1690"
    },
    {
      "name": "CVE-2008-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2321"
    },
    {
      "name": "CVE-2009-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1711"
    },
    {
      "name": "CVE-2008-4231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4231"
    },
    {
      "name": "CVE-2009-1715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1715"
    }
  ],
  "initial_release_date": "2009-06-10T00:00:00",
  "last_revision_date": "2009-06-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3613 du 08 juin 2009 :",
      "url": "http://support.apple.com/kb/HT3613"
    }
  ],
  "reference": "CERTA-2009-AVI-223",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple Safari permettant, entre autre,\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3613 du 8 juin 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-243

Vulnerability from certfr_avis - Published: 2009-06-19 - Updated: 2009-06-19

De multiples vulérabilités permettant de réaliser un grand nombre d'actions malveillantes ont été découvertes dans le système d'exploitation des iPhones et des iPods Touch.

Description

De multiples vulnérabilités ont été découvertes dans le système d'exploitation des iPhones et des iPods Touch. L'exploitation de ces vulnérabilités permet à une personne malveillante de réaliser un grand nombre d'actions, dont l'execution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple iPod Touch Os versions antérieures à la version 3.0.
	Apple	N/A	Apple iPhone Os versions antérieures à la version 3.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3639 du 17 juin 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iPod Touch Os versions ant\u00e9rieures \u00e0 la version 3.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iPhone Os versions ant\u00e9rieures \u00e0 la version 3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation des iPhones et des iPods Touch. L\u0027exploitation de ces\nvuln\u00e9rabilit\u00e9s permet \u00e0 une personne malveillante de r\u00e9aliser un grand\nnombre d\u0027actions, dont l\u0027execution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0147"
    },
    {
      "name": "CVE-2009-1702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1702"
    },
    {
      "name": "CVE-2008-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3652"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2009-1697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1697"
    },
    {
      "name": "CVE-2009-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0155"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-1694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1694"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2009-1686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1686"
    },
    {
      "name": "CVE-2009-1688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1688"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2009-1685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1685"
    },
    {
      "name": "CVE-2008-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3651"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2009-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1683"
    },
    {
      "name": "CVE-2009-1698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1698"
    },
    {
      "name": "CVE-2009-1701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1701"
    },
    {
      "name": "CVE-2009-1693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1693"
    },
    {
      "name": "CVE-2009-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1684"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2009-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0165"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2009-1695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1695"
    },
    {
      "name": "CVE-2008-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3623"
    },
    {
      "name": "CVE-2008-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4409"
    },
    {
      "name": "CVE-2009-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1679"
    },
    {
      "name": "CVE-2009-1692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1692"
    },
    {
      "name": "CVE-2009-1691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1691"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2009-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0146"
    },
    {
      "name": "CVE-2009-1179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1179"
    },
    {
      "name": "CVE-2009-1689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1689"
    },
    {
      "name": "CVE-2009-1687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1687"
    },
    {
      "name": "CVE-2009-1699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1699"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-1680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1680"
    },
    {
      "name": "CVE-2009-0958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0958"
    },
    {
      "name": "CVE-2009-0959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0959"
    },
    {
      "name": "CVE-2009-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1700"
    },
    {
      "name": "CVE-2009-1690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1690"
    },
    {
      "name": "CVE-2009-0961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0961"
    },
    {
      "name": "CVE-2009-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0945"
    }
  ],
  "initial_release_date": "2009-06-19T00:00:00",
  "last_revision_date": "2009-06-19T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-243",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vul\u00e9rabilit\u00e9s permettant de r\u00e9aliser un grand nombre\nd\u0027actions malveillantes ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation des iPhones et des iPods Touch.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de l\u0027OS iPhone et iPod Touch d\u0027Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3639 du 17 juin 2009",
      "url": "http://support.apple.com/kb/HT3639"
    }
  ]
}

FKIE_CVE-2009-1687

Vulnerability from fkie_nvd - Published: 2009-06-10 14:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Vendor Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
cve@mitre.org	http://osvdb.org/54985
cve@mitre.org	http://secunia.com/advisories/35379	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/36057
cve@mitre.org	http://secunia.com/advisories/36062
cve@mitre.org	http://secunia.com/advisories/36790
cve@mitre.org	http://secunia.com/advisories/37746
cve@mitre.org	http://secunia.com/advisories/43068
cve@mitre.org	http://securitytracker.com/id?1022345	Patch
cve@mitre.org	http://support.apple.com/kb/HT3613	Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT3639
cve@mitre.org	http://www.debian.org/security/2009/dsa-1950
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
cve@mitre.org	http://www.securityfocus.com/bid/35260	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/35309
cve@mitre.org	http://www.ubuntu.com/usn/USN-822-1
cve@mitre.org	http://www.ubuntu.com/usn/USN-836-1
cve@mitre.org	http://www.ubuntu.com/usn/USN-857-1
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1522	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1621
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0212
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/54985
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35379	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36057
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36062
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36790
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37746
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43068
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022345	Patch
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3613	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3639
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1950
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35260	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35309
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-822-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-836-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-857-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1522	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1621
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0212
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html

Impacted products

Vendor	Product	Version
apple	safari	*
apple	safari	0.8
apple	safari	0.9
apple	safari	1.0
apple	safari	1.0.3
apple	safari	1.1
apple	safari	1.2
apple	safari	1.3
apple	safari	1.3.1
apple	safari	1.3.2
apple	safari	2.0
apple	safari	2.0.2
apple	safari	2.0.4
apple	safari	3.0
apple	safari	3.0.2
apple	safari	3.0.3
apple	safari	3.0.4
apple	safari	3.1
apple	safari	3.1.1
apple	safari	3.1.2
apple	safari	3.2.1
apple	safari	3.2.3
apple	safari	*
apple	safari	3.0
apple	safari	3.0.1
apple	safari	3.0.2
apple	safari	3.0.3
apple	safari	3.0.4
apple	safari	3.1
apple	safari	3.1.1
apple	safari	3.1.2
apple	safari	3.2
apple	safari	3.2.1
apple	safari	3.2.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "2AA3463B-FB1D-4957-A738-946399B1B9DB",
              "versionEndIncluding": "4.0_beta",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:0.8:*:mac:*:*:*:*:*",
              "matchCriteriaId": "1F5F96DD-BD44-497B-A05E-326819BC46F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:0.9:*:mac:*:*:*:*:*",
              "matchCriteriaId": "2B00DC91-9895-405E-B9B4-211ABC3728DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0:*:mac:*:*:*:*:*",
              "matchCriteriaId": "82C4A098-7EAC-4611-B621-3F0EB1B15960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0.3:*:mac:*:*:*:*:*",
              "matchCriteriaId": "56B016E7-C403-42AC-BF75-9BA723122A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.1:*:mac:*:*:*:*:*",
              "matchCriteriaId": "83CFAFD2-630E-4DB9-B187-6918CFE3075C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2:*:mac:*:*:*:*:*",
              "matchCriteriaId": "F03B8DC9-B295-42A8-904F-3D1F827FFECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3:*:mac:*:*:*:*:*",
              "matchCriteriaId": "1876BC3B-B207-4E81-A0A7-259AFE6F2DEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.1:*:mac:*:*:*:*:*",
              "matchCriteriaId": "03BBCC9D-E160-4614-B2B8-6359FE644E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.2:*:mac:*:*:*:*:*",
              "matchCriteriaId": "CDB6B46E-30E1-4E16-A941-F5E19AB34493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0:*:mac:*:*:*:*:*",
              "matchCriteriaId": "E783789C-C5D4-47A2-A947-D19793B182E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.2:*:mac:*:*:*:*:*",
              "matchCriteriaId": "CE3C68CF-21A2-47D8-84F2-FD3219E90043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.4:*:mac:*:*:*:*:*",
              "matchCriteriaId": "4D4AD962-D9AD-48E5-9B53-E3C1593D43CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0:*:mac:*:*:*:*:*",
              "matchCriteriaId": "30FA25DB-3525-4755-B038-6572B2457CF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*",
              "matchCriteriaId": "9270F5C4-63B9-48C5-9D6D-9CDA1461205C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.3:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9BE1D829-A6C9-4B5C-971B-5515FB92061D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4:*:mac:*:*:*:*:*",
              "matchCriteriaId": "8BC133D1-E120-4B84-85DC-1D528CB77FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1:*:mac:*:*:*:*:*",
              "matchCriteriaId": "90D8505E-35D2-40A1-9D75-1A023C4DD65E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.1:*:mac:*:*:*:*:*",
              "matchCriteriaId": "1D087ECA-D214-4A6B-8F64-7F8AABB14706",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.2:*:mac:*:*:*:*:*",
              "matchCriteriaId": "B4ABDE92-E8A8-431D-BF9C-9A54667A8664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2.1:*:mac:*:*:*:*:*",
              "matchCriteriaId": "94956778-7E73-4B42-B7B1-0D11837B8476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2.3:*:mac:*:*:*:*:*",
              "matchCriteriaId": "AC54BF41-2BF6-4604-AEFA-532453AB91E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*",
              "matchCriteriaId": "F1F650EC-4778-4233-9CF5-2B809CE4C799",
              "versionEndIncluding": "3.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*",
              "matchCriteriaId": "A588615E-EE35-4E19-8BDA-598ED9664686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "3E61C168-482B-412A-97E8-B1C651797EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "32024B14-B4F7-466E-AEF2-0D3A7E8E1060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*",
              "matchCriteriaId": "D137F48A-E670-4BDB-B003-C6BB2A33F250",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*",
              "matchCriteriaId": "85AB4EDB-408D-4D2F-95BE-B578455EFA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "0B256D38-257B-4C3D-9EA5-2255BF3A329C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "158AEA23-B5DB-4CBC-8391-2D97233A8E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "218FBDC4-29AF-4BA1-A3FE-4E19B0E3E654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*",
              "matchCriteriaId": "77F31F4B-5305-4D75-9277-95EF99A969A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "BDE11F09-3D57-4CF0-8165-90FB234CC403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "99118352-6845-4704-B4A3-F98E8C06E0FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an \"offset of a NULL pointer.\""
    },
    {
      "lang": "es",
      "value": "El JavaScript garbage collector en WebKit en Apple Safari anteriores a v4.0 no maneja adecuadamente la localizaci\u00f3n de fallos, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un documento HTML manipulado que lanza acceso de escritura a un \"offset de un puntero NULL\"."
    }
  ],
  "id": "CVE-2009-1687",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-10T14:30:00.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/54985"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35379"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36057"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36062"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36790"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37746"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1022345"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3613"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3639"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1950"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35260"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/35309"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-822-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-836-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-857-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1522"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1621"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1022345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-822-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-836-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-857-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-PH64-WM3P-CQ9Q

Vulnerability from github – Published: 2022-05-02 03:27 – Updated: 2022-05-02 03:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1687"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-06-10T14:30:00Z",
    "severity": "HIGH"
  },
  "details": "The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an \"offset of a NULL pointer.\"",
  "id": "GHSA-ph64-wm3p-cq9q",
  "modified": "2022-05-02T03:27:28Z",
  "published": "2022-05-02T03:27:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1687"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/54985"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35379"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36057"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36062"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36790"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37746"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1022345"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3613"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3639"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1950"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35260"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35309"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-822-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-836-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-857-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1522"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1621"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-1687

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1687

Aliases

CVE-2009-1687

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1687",
    "description": "The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an \"offset of a NULL pointer.\"",
    "id": "GSD-2009-1687",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-1687.html",
      "https://www.debian.org/security/2010/dsa-1988",
      "https://www.debian.org/security/2009/dsa-1950",
      "https://www.debian.org/security/2009/dsa-1868",
      "https://www.debian.org/security/2009/dsa-1867",
      "https://access.redhat.com/errata/RHSA-2009:1127",
      "https://linux.oracle.com/cve/CVE-2009-1687.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1687"
      ],
      "details": "The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an \"offset of a NULL pointer.\"",
      "id": "GSD-2009-1687",
      "modified": "2023-12-13T01:19:47.478744Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-1687",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an \"offset of a NULL pointer.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "54985",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/54985"
          },
          {
            "name": "USN-822-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-822-1"
          },
          {
            "name": "http://support.apple.com/kb/HT3639",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3639"
          },
          {
            "name": "43068",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "FEDORA-2009-8039",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
          },
          {
            "name": "MDVSA-2009:330",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
          },
          {
            "name": "ADV-2009-1621",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1621"
          },
          {
            "name": "ADV-2011-0212",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "APPLE-SA-2009-06-08-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
          },
          {
            "name": "35260",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/35260"
          },
          {
            "name": "FEDORA-2009-8046",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
          },
          {
            "name": "35309",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/35309"
          },
          {
            "name": "ADV-2009-1522",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1522"
          },
          {
            "name": "37746",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37746"
          },
          {
            "name": "1022345",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1022345"
          },
          {
            "name": "36790",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36790"
          },
          {
            "name": "APPLE-SA-2009-06-17-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10260",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260"
          },
          {
            "name": "DSA-1950",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2009/dsa-1950"
          },
          {
            "name": "SUSE-SR:2011:002",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "35379",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35379"
          },
          {
            "name": "36062",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36062"
          },
          {
            "name": "USN-857-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-857-1"
          },
          {
            "name": "36057",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36057"
          },
          {
            "name": "FEDORA-2009-8049",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
          },
          {
            "name": "http://support.apple.com/kb/HT3613",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3613"
          },
          {
            "name": "USN-836-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-836-1"
          },
          {
            "name": "FEDORA-2009-8020",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:0.8:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.0:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0.2:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0.4:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1.1:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.3:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.3.1:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0_beta",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1.2:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.3.2:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:0.9:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.3:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.4:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.0.3:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.1:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.2:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2.1:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2.3:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1687"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an \"offset of a NULL pointer.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1022345",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1022345"
            },
            {
              "name": "35379",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/35379"
            },
            {
              "name": "35260",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/35260"
            },
            {
              "name": "ADV-2009-1522",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1522"
            },
            {
              "name": "APPLE-SA-2009-06-08-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3613",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT3613"
            },
            {
              "name": "54985",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/54985"
            },
            {
              "name": "35309",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/35309"
            },
            {
              "name": "APPLE-SA-2009-06-17-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3639",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3639"
            },
            {
              "name": "ADV-2009-1621",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1621"
            },
            {
              "name": "36062",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36062"
            },
            {
              "name": "36057",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36057"
            },
            {
              "name": "FEDORA-2009-8046",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
            },
            {
              "name": "FEDORA-2009-8039",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
            },
            {
              "name": "FEDORA-2009-8020",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
            },
            {
              "name": "FEDORA-2009-8049",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
            },
            {
              "name": "USN-822-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-822-1"
            },
            {
              "name": "DSA-1950",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1950"
            },
            {
              "name": "37746",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37746"
            },
            {
              "name": "MDVSA-2009:330",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
            },
            {
              "name": "USN-857-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-857-1"
            },
            {
              "name": "36790",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36790"
            },
            {
              "name": "USN-836-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-836-1"
            },
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10260",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-29T01:34Z",
      "publishedDate": "2009-06-10T14:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1687 (GCVE-0-2009-1687)

CERTA-2009-AVI-223

Description

Solution

CERTA-2009-AVI-243

Description

Solution

FKIE_CVE-2009-1687

GHSA-PH64-WM3P-CQ9Q

GSD-2009-1687

Tags

Sightings

Nomenclature