Unrated severityNVD Advisory· Published Jun 19, 2009· Updated Jun 16, 2026
CVE-2009-1692
CVE-2009-1692
Description
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
- (no CPE)range: 1.0 - 2.2.1
- Range: <r41741
- osv-coords2 versions
>= 0+ 1 more
- (no CPE)range: >= 0
- (no CPE)range: < 4:4.6.2-4
Patches
Vulnerability mechanics
References
20- lists.apple.com/archives/security-announce/2009/Jun/msg00005.htmlnvdVendor Advisory
- support.apple.com/kb/HT3639nvdVendor Advisory
- kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlnvd
- osvdb.org/55242nvd
- secunia.com/advisories/36977nvd
- secunia.com/advisories/37746nvd
- secunia.com/advisories/43068nvd
- www.debian.org/security/2009/dsa-1950nvd
- www.g-sec.lu/one-bug-to-rule-them-all.htmlnvd
- www.securityfocus.com/archive/1/504969/100/0/threadednvd
- www.securityfocus.com/archive/1/504988/100/0/threadednvd
- www.securityfocus.com/archive/1/504989/100/0/threadednvd
- www.securityfocus.com/archive/1/505006/100/0/threadednvd
- www.securityfocus.com/bid/35414nvd
- www.securityfocus.com/bid/35446nvd
- www.vupen.com/english/advisories/2009/1621nvd
- www.vupen.com/english/advisories/2011/0212nvd
- bugs.webkit.org/show_bug.cginvd
- www.exploit-db.com/exploits/9160nvd
News mentions
0No linked articles in our index yet.