opera -- URL parsing heap overflow vulnerability

Description:

iDefense Labs reports:

Remote exploitation of a heap overflow vulnerability within version 9 of Opera Software's Opera Web browser could allow an attacker to execute arbitrary code on the affected host.

A flaw exists within Opera when parsing a tag that contains a URL. A heap buffer with a constant size of 256 bytes is allocated to store the URL, and the tag's URL is copied into this buffer without sufficient bounds checking of its length.

References:

• CVE name CVE-2006-4819
• URL: <http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=424>
• URL: <http://secunia.com/advisories/22218/>
• URL: <http://www.opera.com/support/search/supsearch.dml?index=848>

Affects:

• opera >9.* <9.02
• opera-devel >9.* <9.02
• linux-opera >9.* <9.02

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.