CVE-2008-4221

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0820%

EPSS Percentile27.63th

PublishedDec 17, 2008

Last ModifiedApr 23, 2026

Vulnerability Description

The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.

Affected Platforms (CPE)

💻

Apple

Mac Os X

<= 10.5.5

💻

Apple

Mac Os X

= 10.4.11

💻

Apple

Mac Os X

= 10.5

💻

Apple

Mac Os X

= 10.5.1

💻

Apple

Mac Os X

= 10.5.2

💻

Apple

Mac Os X

= 10.5.3

💻

Apple

Mac Os X

= 10.5.4

💻

Apple

Mac Os X Server

<= 10.5.5

💻

Apple

Mac Os X Server

= 10.4.11

💻

Apple

Mac Os X Server

= 10.5

💻

Apple

Mac Os X Server

= 10.5.1

💻

Apple

Mac Os X Server

= 10.5.2

💻

Apple

Mac Os X Server

= 10.5.3

💻

Apple

Mac Os X Server

= 10.5.4

References & Advisories

🔗 http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html

🔗 http://secunia.com/advisories/33179

🔗 http://support.apple.com/kb/HT3338

🔗 http://www.securityfocus.com/bid/32839

🔗 http://www.securityfocus.com/bid/32881

🔗 http://www.securitytracker.com/id?1021406

🔗 http://www.us-cert.gov/cas/techalerts/TA08-350A.html

🔗 http://www.vupen.com/english/advisories/2008/3444

Vulnerability Description

Affected Platforms (CPE)

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X Server

Mac Os X Server

Mac Os X Server

Mac Os X Server

Mac Os X Server

Mac Os X Server

Mac Os X Server

References & Advisories

Related Vulnerabilities