CVE-2008-3950

Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
appleiphone
1.1.4
appleiphone
2.0
appleipod_touch
1.1.4
appleipod_touch
2.0
applesafari
*
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
webkit
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
feisty
dne
dapper
dne
Common Weakness Enumeration
References
http://securityreason.com/securityalert/4264
http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service
http://www.securityfocus.com/archive/1/496321/100/0/threaded
http://www.securityfocus.com/bid/31061
http://securityreason.com/securityalert/4264
http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service
http://www.securityfocus.com/archive/1/496321/100/0/threaded
http://www.securityfocus.com/bid/31061