Sign-up

ID

VAR-200802-0447


CVE

CVE-2008-0729


TITLE

Apple iPhone of Mobile Safari Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2008-002710

DESCRIPTION

Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information. Apple iPhone is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a maliciously crafted webpage. Successful attacks cause a kernel panic, crashing the device. Given the nature of this issue, remote code execution may also be possible, but this has not been confirmed. iPhone 1.1.2 and 1.1.3 are affected; other versions may also be vulnerable. This vulnerability may be related to CVE-2006-3677

Trust: 1.98

sources: NVD: CVE-2008-0729 // JVNDB: JVNDB-2008-002710 // BID: 27442 // VULHUB: VHN-30854

AFFECTED PRODUCTS

vendor:applemodel:mobile safariscope:eqversion:*

Trust: 1.0

vendor:applemodel:iphonescope:eqversion:1.1.3

Trust: 0.9

vendor:applemodel:iphonescope:eqversion:1.1.2

Trust: 0.9

vendor:applemodel:iphonescope:eqversion:1.1.2 and 1.1.3

Trust: 0.8

vendor:applemodel:mobile safariscope: - version: -

Trust: 0.8

vendor:applemodel:mobile safariscope:eqversion:0

Trust: 0.3

sources: BID: 27442 // JVNDB: JVNDB-2008-002710 // CNNVD: CNNVD-200802-241 // NVD: CVE-2008-0729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0729
value: HIGH

Trust: 1.0

NVD: CVE-2008-0729
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200802-241
value: MEDIUM

Trust: 0.6

VULHUB: VHN-30854
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-0729
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-30854
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-30854 // JVNDB: JVNDB-2008-002710 // CNNVD: CNNVD-200802-241 // NVD: CVE-2008-0729

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-30854 // JVNDB: JVNDB-2008-002710 // NVD: CVE-2008-0729

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200802-241

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200802-241

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-002710

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-30854

PATCH
title:Top Pageurl:http://www.apple.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-002710

EXTERNAL IDS
db:NVDid:CVE-2008-0729
Trust: 2.8
db:BIDid:27442
Trust: 2.0
db:EXPLOIT-DBid:4978
Trust: 1.7
db:SREASONid:3630
Trust: 1.7
db:JVNDBid:JVNDB-2008-002710
Trust: 0.8
db:CNNVDid:CNNVD-200802-241
Trust: 0.7
db:EXPLOIT-DBid:31057
Trust: 0.1
db:SEEBUGid:SSVID-84410
Trust: 0.1
db:VULHUBid:VHN-30854
Trust: 0.1
sources:
            
            
            VULHUB: VHN-30854 // 
            
            
            
            BID: 27442 // 
            
            
            
            JVNDB: JVNDB-2008-002710 // 
            
            
            
            CNNVD: CNNVD-200802-241 // 
            
            
            
            NVD: CVE-2008-0729

REFERENCES
url:http://www.securityfocus.com/bid/27442
Trust: 1.7
url:http://www.securityfocus.com/archive/1/487607/100/0/threaded
Trust: 1.7
url:http://www.securityfocus.com/archive/1/492225/100/0/threaded
Trust: 1.7
url:https://www.exploit-db.com/exploits/4978
Trust: 1.7
url:http://securityreason.com/securityalert/3630
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/39998
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0729
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0729
Trust: 0.8
url:http://www.apple.com/iphone/
Trust: 0.3
url:/archive/1/487607
Trust: 0.3
sources:
            
            
            VULHUB: VHN-30854 // 
            
            
            
            BID: 27442 // 
            
            
            
            JVNDB: JVNDB-2008-002710 // 
            
            
            
            CNNVD: CNNVD-200802-241 // 
            
            
            
            NVD: CVE-2008-0729

CREDITS
fuzion discovered this issue.
Trust: 0.9
sources:
            
            
            BID: 27442 // 
            
            
            
            CNNVD: CNNVD-200802-241

SOURCES
db:VULHUBid:VHN-30854
db:BIDid:27442
db:JVNDBid:JVNDB-2008-002710
db:CNNVDid:CNNVD-200802-241
db:NVDid:CVE-2008-0729

LAST UPDATE DATE
2025-04-10T23:09:35.828000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-30854date:2018-10-15T00:00:00
db:BIDid:27442date:2015-05-07T17:33:00
db:JVNDBid:JVNDB-2008-002710date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200802-241date:2022-08-10T00:00:00
db:NVDid:CVE-2008-0729date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-30854date:2008-02-12T00:00:00
db:BIDid:27442date:2008-01-24T00:00:00
db:JVNDBid:JVNDB-2008-002710date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200802-241date:2008-02-12T00:00:00
db:NVDid:CVE-2008-0729date:2008-02-12T21:00:00