{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-13T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-06T18:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/"}, {"name": "APPLE-SA-2014-04-22-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT6537"}, {"name": "APPLE-SA-2014-04-22-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"}, {"name": "APPLE-SA-2014-04-01-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html"}, {"tags": ["x_refsource_MISC"], "url": "http://twitter.com/thezdi/statuses/444157530139136000"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2014-1303", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/", "refsource": "MISC", "url": "http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/"}, {"name": "APPLE-SA-2014-04-22-2", "refsource": "APPLE", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"}, {"name": "https://support.apple.com/kb/HT6537", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT6537"}, {"name": "APPLE-SA-2014-04-22-3", "refsource": "APPLE", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"}, {"name": "APPLE-SA-2014-04-01-1", "refsource": "APPLE", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html"}, {"name": "http://twitter.com/thezdi/statuses/444157530139136000", "refsource": "MISC", "url": "http://twitter.com/thezdi/statuses/444157530139136000"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:34:41.142Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/"}, {"name": "APPLE-SA-2014-04-22-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT6537"}, {"name": "APPLE-SA-2014-04-22-3", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"}, {"name": "APPLE-SA-2014-04-01-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://twitter.com/thezdi/statuses/444157530139136000"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2014-1303", "datePublished": "2014-03-26T14:00:00", "dateReserved": "2014-01-08T00:00:00", "dateUpdated": "2024-08-06T09:34:41.142Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "40B87D10-55B3-42E7-8FF6-93EDF003337D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en Apple Safari 7.0.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario y evadir un mecanismo de proyecci\u00f3n sandbox a trav\u00e9s de vectores no especificados, como fue demostrado por Liang Chen durante una competici\u00f3n Pwn2Own en CanSecWest 2014."}], "id": "CVE-2014-1303", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-26T14:55:05.773", "references": [{"source": "product-security@apple.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html"}, {"source": "product-security@apple.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"}, {"source": "product-security@apple.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"}, {"source": "product-security@apple.com", "url": "http://twitter.com/thezdi/statuses/444157530139136000"}, {"source": "product-security@apple.com", "url": "http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/kb/HT6537"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twitter.com/thezdi/statuses/444157530139136000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT6537"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "webkitgtk: heap-based buffer overflow (WSA-2015-0001)", "id": "1186241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186241"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-122", "details": ["Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014."], "name": "CVE-2014-1303", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-01-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-1303\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1303\nhttp://webkitgtk.org/security/WSA-2015-0001.html"], "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}