Details of VAR-200907-0137

ID

VAR-200907-0137

CVE

CVE-2009-2421

TITLE

Apple Safari of CFCharacterSetInitInlineBuffer Service disruption in methods (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-003611

DESCRIPTION

The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol. Apple Safari is prone to a denial-of-service vulnerability that stems from a NULL-pointer dereference. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Versions prior to Apple Safari 4 are vulnerable

Trust: 1.98

sources: NVD: CVE-2009-2421 // JVNDB: JVNDB-2009-003611 // BID: 35481 // VULHUB: VHN-39867

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 2.7
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	ne	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	4	Trust: 0.3

sources: BID: 35481 // JVNDB: JVNDB-2009-003611 // CNNVD: CNNVD-200907-155 // NVD: CVE-2009-2421

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-2421
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-2421
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200907-155
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-39867
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-2421
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-39867
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-39867 // JVNDB: JVNDB-2009-003611 // CNNVD: CNNVD-200907-155 // NVD: CVE-2009-2421

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-39867 // JVNDB: JVNDB-2009-003611 // NVD: CVE-2009-2421

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200907-155

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200907-155

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003611

PATCH

title:

Top Page

url:

http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2009-003611

EXTERNAL IDS

db:	NVD	id:	CVE-2009-2421	Trust: 2.8
db:	BID	id:	35481	Trust: 2.0
db:	JVNDB	id:	JVNDB-2009-003611	Trust: 0.8
db:	BUGTRAQ	id:	20090623 N.RUNS-SA-2009.006 - APPLE SAFARI - NULL POINTER DEREFERENCE	Trust: 0.6
db:	CNNVD	id:	CNNVD-200907-155	Trust: 0.6
db:	VULHUB	id:	VHN-39867	Trust: 0.1

sources: VULHUB: VHN-39867 // BID: 35481 // JVNDB: JVNDB-2009-003611 // CNNVD: CNNVD-200907-155 // NVD: CVE-2009-2421

REFERENCES

url:	http://www.securityfocus.com/bid/35481	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/504479/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2421	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2421	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/504479/100/0/threaded	Trust: 0.6
url:	http://www.apple.com/safari/	Trust: 0.3
url:	/archive/1/504479	Trust: 0.3

sources: VULHUB: VHN-39867 // BID: 35481 // JVNDB: JVNDB-2009-003611 // CNNVD: CNNVD-200907-155 // NVD: CVE-2009-2421

CREDITS

Alexios Fakos of n.runs AG

Trust: 0.3

sources: BID: 35481

SOURCES

db:	VULHUB	id:	VHN-39867
db:	BID	id:	35481
db:	JVNDB	id:	JVNDB-2009-003611
db:	CNNVD	id:	CNNVD-200907-155
db:	NVD	id:	CVE-2009-2421

LAST UPDATE DATE

2025-04-10T23:19:45.880000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-39867	date:	2018-10-10T00:00:00
db:	BID	id:	35481	date:	2009-07-20T22:36:00
db:	JVNDB	id:	JVNDB-2009-003611	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200907-155	date:	2009-07-10T00:00:00
db:	NVD	id:	CVE-2009-2421	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-39867	date:	2009-07-09T00:00:00
db:	BID	id:	35481	date:	2009-06-23T00:00:00
db:	JVNDB	id:	JVNDB-2009-003611	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200907-155	date:	2009-07-09T00:00:00
db:	NVD	id:	CVE-2009-2421	date:	2009-07-09T16:30:00.937