CVE-2009-1692

WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

Published: Jun 19, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-1692
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
apple / iphone_os	1.0.0	1.0.0.x
apple / iphone_os	1.0.1	1.0.1.x
apple / iphone_os	1.0.2	1.0.2.x
apple / iphone_os	1.1.0	1.1.0.x
apple / iphone_os	1.1.1	1.1.1.x
apple / iphone_os	1.1.2	1.1.2.x
apple / iphone_os	1.1.3	1.1.3.x
apple / iphone_os	1.1.4	1.1.4.x
apple / iphone_os	1.1.5	1.1.5.x
apple / iphone_os	2.0	2.0.x
apple / iphone_os	2.0.0	2.0.0.x
apple / iphone_os	2.0.1	2.0.1.x
apple / iphone_os	2.0.2	2.0.2.x
apple / iphone_os	2.1	2.1.x
apple / iphone_os	2.1.1	2.1.1.x
apple / iphone_os	2.2	2.2.x
apple / iphone_os	2.2.1	2.2.1.x
apple / iphone_os	-	-
apple / ipod_touch	-	-
apple / safari	-	-

Vulnerability Database

313,825

CVE-2009-1692

Deep Security Visibility Without the Complexity