CVE-2008-1026

Published: Apr 17, 2008Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.

Affected (2)

Products: Apple: Safari

1 product

Configuration A

2 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Apple Safari	Version 3.1
Apple Safari	Version 3

Running on/with	Platform Versions
Apple Mac Os X	Version 10.4.11
Apple Mac Os X	Version 10.5.2
Apple Mac Os X Server	Version 10.4.11
Apple Mac Os X Server	Version 10.5.2
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (26)

http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html

Source: cve@mitre.org

http://secunia.com/advisories/29846

Source: cve@mitre.org

http://secunia.com/advisories/31074

Source: cve@mitre.org

http://securityreason.com/securityalert/3815

Source: cve@mitre.org

http://support.apple.com/kb/HT1467

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/490990/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/28815

Source: cve@mitre.org

http://www.securitytracker.com/id?1019870

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1250/references

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2094/references

Source: cve@mitre.org

http://www.zerodayinitiative.com/advisories/ZDI-08-022

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/41859

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29846

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31074

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/3815

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT1467

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/archive/1/490990/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/28815

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1019870

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/1250/references

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2094/references

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-08-022

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/41859

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.