FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

opera -- URL parsing heap overflow vulnerability

Affected packages
9.* < linux-opera < 9.02
9.* < opera < 9.02
9.* < opera-devel < 9.02

Details

VuXML ID 4867ae85-608d-11db-8faf-000c6ec775d9
Discovery 2006-10-17
Entry 2006-10-20

iDefense Labs reports:

Remote exploitation of a heap overflow vulnerability within version 9 of Opera Software's Opera Web browser could allow an attacker to execute arbitrary code on the affected host.

A flaw exists within Opera when parsing a tag that contains a URL. A heap buffer with a constant size of 256 bytes is allocated to store the URL, and the tag's URL is copied into this buffer without sufficient bounds checking of its length.

References

CVE Name CVE-2006-4819
URL http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=424
URL http://secunia.com/advisories/22218/
URL http://www.opera.com/support/search/supsearch.dml?index=848