CVE-2017-5949

Name of the Vulnerable Software and Affected Versions Safari Technology Preview Release versions prior to 23

Description The issue allows remote attackers to cause a denial of service or possibly have other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to files such as jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32 64.asm, and llint/LowLevelInterpreter64.asm. This is due to a heap-based out-of-bounds write caused by a buffer overflow in the JavaScriptCore in WebKit.

Recommendations For Safari Technology Preview Release versions prior to 23, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the execution of crafted JavaScript code until a patch is available.