1. Home
  2. CVE Database
  3. CVE-2010-1029
MEDIUM · 5.0

CVE-2010-1029

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows...

Vulnerability Description

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL

Affected Products

VendorProductVersions
AppleSafari4.0.4
GoogleChrome4.0.249.0
AppleIphone OsAll versions

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2010-1029?

CVE-2010-1029 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows...

How severe is CVE-2010-1029?

CVE-2010-1029 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1029?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Google Chrome, Apple Iphone Os.