Vulnerability Name:

CVE-2007-3944 (CCN-35577)

Assigned: 2007-07-23
Published: 2007-07-23
Updated: 2017-07-29
Summary: Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions.
Note: this issue was originally reported only for MobileSafari on the iPhone.
Note: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-noinfo
CWE-119
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2007-3944

Source: CCN
Type: Apple Security Update 2007-007
About Security Update 2007-007

Source: CCN
Type: iPhone v1.0.1 Update
About the security content of iPhone v1.0.1 Update

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=306173

Source: CCN
Type: Apple Safari 3 Beta Update 3.0.3
About the security content of Safari 3 Beta Update 3.0.3

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=306174

Source: CCN
Type: Apple Web site
Apple security updates

Source: CCN
Type: SA26287
Apple iPhone Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
26287

Source: CCN
Type: SECTRACK ID: 1018439
Safari and iPhone MobileSafari Buffer Overflow Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: Apple Safari Web site
Apple - Safari 3 Public Beta

Source: MISC
Type: UNKNOWN
http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin

Source: CCN
Type: OSVDB ID: 36453
Apple Safari / iPhone WebKit Perl-Compatible Regular Expressions (PCRE) Multiple Overflows

Source: CCN
Type: Independent Security Evaluators Web site
ISE discovers security vulnerabilities in the iPhone

Source: MISC
Type: UNKNOWN
http://www.securityevaluators.com/iphone/

Source: MISC
Type: UNKNOWN
http://www.securityevaluators.com/iphone/exploitingiphone.pdf

Source: BID
Type: UNKNOWN
25002

Source: CCN
Type: BID-25002
Apple iPhone Mobile Safari Browser Remote Heap Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018439

Source: VUPEN
Type: Vendor Advisory
ADV-2007-2730

Source: VUPEN
Type: Vendor Advisory
ADV-2007-2731

Source: XF
Type: UNKNOWN
iphone-safari-bo(35577)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:apple:safari:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:webkit:*:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version <= 1.0.0)

  • * Denotes that component is vulnerable
    apple safari 3.0
    apple webkit *
    apple iphone os *