opera -- URL parsing heap overflow vulnerability

ID 4867AE85-608D-11DB-8FAF-000C6EC775D9
Type freebsd
Reporter FreeBSD
Modified 2006-10-17T00:00:00


iDefense Labs reports:

Remote exploitation of a heap overflow vulnerability within version 9 of Opera Software's Opera Web browser could allow an attacker to execute arbitrary code on the affected host. A flaw exists within Opera when parsing a tag that contains a URL. A heap buffer with a constant size of 256 bytes is allocated to store the URL, and the tag's URL is copied into this buffer without sufficient bounds checking of its length.
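The pattern the report describes, as an added C example (not Opera's code, and not taken from iDefense or FreeBSD): `store_url_unchecked` shows a copy into a fixed 256-byte heap buffer with no length check, and `store_url_checked` shows the same buffer with the bound enforced before the copy. All function names are hypothetical, and the inputs in `main` are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define URL_BUF_SIZE 256   /* constant buffer size stated in the report */

/* Length of s, reading at most limit bytes (portable stand-in for strnlen). */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Flawed pattern: a URL of 256 bytes or more is written past the allocation. */
char *store_url_unchecked(const char *url)
{
    char *buf = malloc(URL_BUF_SIZE);
    if (buf != NULL)
        strcpy(buf, url);            /* no bounds check on the input length */
    return buf;
}

/* Hardened: a URL that does not fit together with its terminator is rejected
   before any byte is copied. Returns NULL on rejection or allocation failure. */
char *store_url_checked(const char *url)
{
    if (url == NULL)
        return NULL;
    size_t len = bounded_len(url, URL_BUF_SIZE);
    if (len >= URL_BUF_SIZE)         /* no room left for the NUL byte */
        return NULL;
    char *buf = malloc(URL_BUF_SIZE);
    if (buf == NULL)
        return NULL;
    memcpy(buf, url, len + 1);       /* len + 1 <= 256, terminator included */
    return buf;
}

int main(void)
{
    char big[400];                   /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    char *ok = store_url_checked("http://example.com/");
    printf("short URL: %s\n", ok ? "stored" : "rejected");
    printf("399-byte URL: %s\n", store_url_checked(big) ? "stored" : "rejected");
    free(ok);
    return 0;
}
```

Rejecting oversized input keeps the fixed buffer; sizing the allocation from the measured length, with an upper cap, is the alternative when long URLs must be accepted.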