HTTP response heap buffer overflow can allow execution of arbitrary code

2012-11-19T00:00:00
ID OPERA:1036
Type opera
Reporter Opera
Modified 2012-11-19T00:00:00

Description

When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a memory corruption and crash. It is possible to use this crash to execute the overflowing data as code, which may be controlled by an attacking site.