1. Home
  2. CVE Database
  3. CVE-2009-1692
HIGH · 7.1

CVE-2009-1692

WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory...

Vulnerability Description

WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

CVSS Score

7.1

HIGH

AV:N/AC:M/Au:N/C:N/I:N/A:C
Confidentiality
NONE
Integrity
NONE
Availability
COMPLETE

Affected Products

VendorProductVersions
AppleIphone Os1.0.0
AppleIpod TouchAll versions
AppleSafariAll versions

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2009-1692?

CVE-2009-1692 is a vulnerability with a CVSS score of 7.1 (HIGH). WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory...

How severe is CVE-2009-1692?

CVE-2009-1692 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-1692?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Ipod Touch, Apple Safari.