opera -- execution of arbitrary code

2012-11-19T00:00:00
ID 0925716F-34E2-11E2-AA75-003067C2616F
Type freebsd
Reporter FreeBSD
Modified 2014-04-30T00:00:00

Description

Opera reports:

When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a memory corruption and crash. It is possible to use this crash to execute the overflowing data as code, which may be controlled by an attacking site.