FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

opera -- URL parsing heap overflow vulnerability

Affected packages
9.* < linux-opera < 9.02
9.* < opera < 9.02
9.* < opera-devel < 9.02

Details

VuXML ID 4867ae85-608d-11db-8faf-000c6ec775d9
Discovery 2006-10-17
Entry 2006-10-20

iDefense Labs reports:

Remote exploitation of a heap overflow vulnerability within version 9 of Opera Software's Opera Web browser could allow an attacker to execute arbitrary code on the affected host.

A flaw exists within Opera when parsing a tag that contains a URL. A heap buffer with a constant size of 256 bytes is allocated to store the URL, and the tag's URL is copied into this buffer without sufficient bounds checking of its length.

[source]

References

CVE Name CVE-2006-4819
URL http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=424
URL http://secunia.com/advisories/22218/
URL http://www.opera.com/support/search/supsearch.dml?index=848

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.