← back
CVE-2008-3950

CVE-2008-3950

EPSS 7.1%
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/32341unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securityreason.com/securityalert/4264http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-servicehttp://www.securityfocus.com/archive/1/496321/100/0/threadedhttp://www.securityfocus.com/bid/31061