CVE-2008-2303 | Vulnerability Database | Aqua Security

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.

Affected Software

Name	Vendor	Start Version	End Version
Iphone	Apple	1.0 (including)	1.0 (including)
Iphone	Apple	1.1.3 (including)	1.1.3 (including)
Iphone	Apple	1.1.4 (including)	1.1.4 (including)
Iphone	Apple	1.02 (including)	1.02 (including)
Ipod_touch	Apple	1.1 (including)	1.1 (including)
Ipod_touch	Apple	1.1.1 (including)	1.1.1 (including)
Ipod_touch	Apple	1.1.2 (including)	1.1.2 (including)
Ipod_touch	Apple	1.1.3 (including)	1.1.3 (including)
Ipod_touch	Apple	1.1.4 (including)	1.1.4 (including)
Iphone_os	Apple	1.0.1 (including)	1.0.1 (including)
Iphone_os	Apple	1.0.2 (including)	1.0.2 (including)
Iphone_os	Apple	1.1.1 (including)	1.1.1 (including)
Iphone_os	Apple	1.1.2 (including)	1.1.2 (including)

References

http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
http://secunia.com/advisories/31074
http://secunia.com/advisories/32706
http://support.apple.com/kb/HT3298
http://www.securityfocus.com/bid/30186
http://www.vupen.com/english/advisories/2008/2094/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43736

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-2303
CWE	https://cwe.mitre.org/data/definitions/189.html