WebKit JavaScriptCore jit/ThunkGenerators.cpp out-of-bounds write

A vulnerability classified as critical was found in WebKit. Affected is an unknown function of the file jit/ThunkGenerators.cpp of the component JavaScriptCore. The manipulation leads to an out-of-bounds write. The CWE classification of the problem is CWE-787. The bug was discovered on 01/20/2017. The weakness was published on 04/03/2017 as 211479 (Website). The advisory is available at bugs.webkit.org. This vulnerability is identified as CVE-2017-5949. It is possible to launch the attack remotely. Technical details are available. There is no exploit available. Based on the structure of the vulnerability, the possible price range is USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 73 days. As a 0-day, the estimated underground price was around $0-$5k. A possible mitigation was published before, not after, the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 97298).

| Field | 04/03/2017 04:58 PM | 08/25/2020 12:22 PM | 11/24/2022 06:12 PM |
| --- | --- | --- | --- |
| type | Web Browser | Web Browser | Web Browser |
| name | WebKit | WebKit | WebKit |
| component | JavaScriptCore | JavaScriptCore | JavaScriptCore |
| file | jit/ThunkGenerators.cpp | jit/ThunkGenerators.cpp | jit/ThunkGenerators.cpp |
| cwe | 787 (out-of-bounds write) | 787 (out-of-bounds write) | 787 (out-of-bounds write) |
| risk | 2 | 2 | 2 |
| historic | 0 | 0 | 0 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | P | P | P |
| cvss3_meta_basescore | 8.0 | 8.0 | 8.0 |
| cvss3_meta_tempscore | 8.0 | 8.0 | 8.0 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | N | N | N |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| date | 1491177600 (04/03/2017) | 1491177600 (04/03/2017) | 1491177600 (04/03/2017) |
| url | https://bugs.webkit.org/show_bug.cgi?id=167239 | https://bugs.webkit.org/show_bug.cgi?id=167239 | https://bugs.webkit.org/show_bug.cgi?id=167239 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve | CVE-2017-5949 | CVE-2017-5949 | CVE-2017-5949 |
| cve_assigned | 1486598400 (02/09/2017) | 1486598400 (02/09/2017) | 1486598400 (02/09/2017) |
| cve_nvd_published | 1491177600 | 1491177600 | 1491177600 |
| cve_nvd_summary | JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm. | JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm. | JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm. |
| securityfocus | 97298 | 97298 | 97298 |
| securityfocus_title | WebKit CVE-2017-5949 Denial of Service Vulnerability | WebKit CVE-2017-5949 Denial of Service Vulnerability | WebKit CVE-2017-5949 Denial of Service Vulnerability |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| 0day_days | 73 | 73 | 73 |
| cvss3_nvd_basescore | 9.8 | 9.8 | 9.8 |
| discoverydate | | 1484870400 | 1484870400 |
| confirm_url | | https://bugs.webkit.org/show_bug.cgi?id=167239 | https://bugs.webkit.org/show_bug.cgi?id=167239 |
| osvdb_title | | CVE-2017-5949 - Apple - Safari - Out-of-Bounds Write Issue | CVE-2017-5949 - Apple - Safari - Out-of-Bounds Write Issue |
| securityfocus_date | | 1491177600 (04/03/2017) | 1491177600 (04/03/2017) |
| securityfocus_class | | Design Error | Design Error |
| identifier | | | 211479 |
| cvss2_nvd_basescore | | | 7.5 |
