CVE-2008-1026
Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.
Desbordamiento de entero en el compilador de expresiones regulares PCRE (JavaScriptCore/pcre/pcre_compile.cpp) en Apple WebKit, como se utiliza en Safari en versiones anteriores a 3.1.1, permite a atacantes remotos ejecutar código arbitrario a través de expresiones regulares con grandes conteos de repetición anidados, lo que desencadena un desbordamiento de búfer basado en memoria dinámica.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists in the regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in WebKit. When nesting regular expressions with large repetitions, a heap overflow occurs resulting in a condition allowing the execution of arbitrary code.
*Credits:
Charlie Miller, Jake Honoroff and Mark Daniel
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-02-26 CVE Reserved
- 2008-04-16 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/29846 | Third Party Advisory | |
| http://secunia.com/advisories/31074 | Third Party Advisory | |
| http://securityreason.com/securityalert/3815 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/490990/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/28815 | Vdb Entry | |
| http://www.securitytracker.com/id?1019870 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/1250/references | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/2094/references | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41859 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.apple.com/kb/HT1467 | 2018-10-11 | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-022 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3 Search vendor "Apple" for product "Safari" and version "3" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.11 Search vendor "Apple" for product "Mac Os X" and version "10.4.11" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3 Search vendor "Apple" for product "Safari" and version "3" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.2 Search vendor "Apple" for product "Mac Os X" and version "10.5.2" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3 Search vendor "Apple" for product "Safari" and version "3" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.4.11 Search vendor "Apple" for product "Mac Os X Server" and version "10.4.11" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3 Search vendor "Apple" for product "Safari" and version "3" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.2 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.2" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3 Search vendor "Apple" for product "Safari" and version "3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3 Search vendor "Apple" for product "Safari" and version "3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1 Search vendor "Apple" for product "Safari" and version "3.1" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.4.11 Search vendor "Apple" for product "Mac Os X" and version "10.4.11" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1 Search vendor "Apple" for product "Safari" and version "3.1" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.5.2 Search vendor "Apple" for product "Mac Os X" and version "10.5.2" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1 Search vendor "Apple" for product "Safari" and version "3.1" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.4.11 Search vendor "Apple" for product "Mac Os X Server" and version "10.4.11" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1 Search vendor "Apple" for product "Safari" and version "3.1" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Server Search vendor "Apple" for product "Mac Os X Server" | 10.5.2 Search vendor "Apple" for product "Mac Os X Server" and version "10.5.2" | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1 Search vendor "Apple" for product "Safari" and version "3.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Safe
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1 Search vendor "Apple" for product "Safari" and version "3.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | - |
Safe
|