ID

VAR-201704-0063


CVE

CVE-2016-10226


TITLE

Denial-of-service (DoS) vulnerability in JavaScriptCore of WebKit as distributed in Safari Technology Preview

Trust: 0.8

sources: JVNDB: JVNDB-2016-008271

DESCRIPTION

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp. Apple Safari Technology Preview is a browser from Apple. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. There is a security vulnerability in the JavaScriptCore component of WebKit as released in Apple Safari Technology Preview Release 18.

Trust: 1.71

sources: NVD: CVE-2016-10226 // JVNDB: JVNDB-2016-008271 // VULHUB: VHN-88981

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 18

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: technology preview release 18

Trust: 0.8

sources: JVNDB: JVNDB-2016-008271 // NVD: CVE-2016-10226 // CNNVD: CNNVD-201702-635

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-10226
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201702-635
value: MEDIUM

Trust: 0.6

VULHUB: VHN-88981
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-10226
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-88981
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2016-10226
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-88981 // JVNDB: JVNDB-2016-008271 // NVD: CVE-2016-10226 // CNNVD: CNNVD-201702-635

PROBLEMTYPE DATA

problemtype: CWE-125

Trust: 1.9

sources: VULHUB: VHN-88981 // JVNDB: JVNDB-2016-008271 // NVD: CVE-2016-10226

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-635

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-635

CONFIGURATIONS

sources: NVD: CVE-2016-10226

PATCH

title: Changeset 209295 (webkit), url: https://trac.webkit.org/changeset/209295/webkit

Trust: 0.8

title: Bug 165091, url: https://bugs.webkit.org/show_bug.cgi?id=165091

Trust: 0.8

sources: JVNDB: JVNDB-2016-008271

EXTERNAL IDS

db: NVD, id: CVE-2016-10226

Trust: 2.5

db: JVNDB, id: JVNDB-2016-008271

Trust: 0.8

db: CNNVD, id: CNNVD-201702-635

Trust: 0.7

db: VULHUB, id: VHN-88981

Trust: 0.1

sources: VULHUB: VHN-88981 // JVNDB: JVNDB-2016-008271 // NVD: CVE-2016-10226 // CNNVD: CNNVD-201702-635

REFERENCES

url: https://bugs.webkit.org/show_bug.cgi?id=165091

Trust: 1.7

url: https://trac.webkit.org/changeset/209295

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10226

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-10226

Trust: 0.8

sources: VULHUB: VHN-88981 // JVNDB: JVNDB-2016-008271 // NVD: CVE-2016-10226 // CNNVD: CNNVD-201702-635

SOURCES

db: VULHUB, id: VHN-88981
db: JVNDB, id: JVNDB-2016-008271
db: NVD, id: CVE-2016-10226
db: CNNVD, id: CNNVD-201702-635

LAST UPDATE DATE

2023-12-18T13:29:24.281000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-88981, date: 2017-04-11T00:00:00
db: JVNDB, id: JVNDB-2016-008271, date: 2017-05-09T00:00:00
db: NVD, id: CVE-2016-10226, date: 2017-04-11T01:09:28.040
db: CNNVD, id: CNNVD-201702-635, date: 2017-04-11T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-88981, date: 2017-04-03T00:00:00
db: JVNDB, id: JVNDB-2016-008271, date: 2017-05-09T00:00:00
db: NVD, id: CVE-2016-10226, date: 2017-04-03T05:59:00.537
db: CNNVD, id: CNNVD-201702-635, date: 2017-02-20T00:00:00