CVE-2008-2303

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 14-07-2008 08:41

Last modified: - 09-08-2022 03:46

Total changes: - 2

Description

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

10.0

Base score

10.0

Exploitability score

Impact score

Verification logic

Reference

APPLE-SA-2008-07-11-
30186-
31074-
http://support.apple.com/kb/HT3298
APPLE-SA-2008-11-13-
ADV-2008-2094-
32706-
ipod-iphone-javascript-code-execution(43736)-

Keywords

CVE-2008-2303

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2008-2303

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures