FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

opera -- URL parsing heap overflow vulnerability

Affected packages
9.* < linux-opera < 9.02
9.* < opera < 9.02
9.* < opera-devel < 9.02


VuXML ID 4867ae85-608d-11db-8faf-000c6ec775d9
Discovery 2006-10-17
Entry 2006-10-20

iDefense Labs reports:

Remote exploitation of a heap overflow vulnerability within version 9 of Opera Software's Opera Web browser could allow an attacker to execute arbitrary code on the affected host.

A flaw exists within Opera when parsing a tag that contains a URL. A heap buffer with a constant size of 256 bytes is allocated to store the URL, and the tag's URL is copied into this buffer without sufficient bounds checking of its length.


CVE Name CVE-2006-4819
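
Added example (not code from iDefense, Opera or this VuXML entry): the report above describes a constant 256-byte heap buffer filled with a URL without a sufficient length check, and this C code puts that pattern beside two bounds-checked versions. The function names, the 8192-byte cap and the sample URL are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define URL_BUF_SIZE 256   /* constant buffer size stated in the advisory */
#define URL_MAX_LEN  8192  /* assumed policy cap, not from the advisory */

/* Unsafe pattern, for contrast only (hypothetical, never called here):
 * strcpy() writes past the 256-byte heap block once strlen(url) >= 256. */
char *store_url_unchecked(const char *url)
{
    char *buf = malloc(URL_BUF_SIZE);
    if (buf != NULL)
        strcpy(buf, url);
    return buf;
}

/* Fix 1: keep the fixed buffer, reject anything that does not fit
 * together with its terminating NUL (so 255 bytes is the longest URL). */
char *store_url_fixed(const char *url)
{
    size_t len = url ? strlen(url) : URL_BUF_SIZE;
    char *buf;
    if (len >= URL_BUF_SIZE || (buf = malloc(URL_BUF_SIZE)) == NULL)
        return NULL;
    memcpy(buf, url, len + 1);
    return buf;
}

/* Fix 2: size the allocation from the measured length, under a cap. */
char *store_url_sized(const char *url)
{
    size_t len = url ? strlen(url) : URL_MAX_LEN + 1;
    char *buf;
    if (len > URL_MAX_LEN || (buf = malloc(len + 1)) == NULL)
        return NULL;
    memcpy(buf, url, len + 1);
    return buf;
}

int main(void)
{
    char url[301] = {0};  /* constructed 300-byte sample URL */
    memset(url, 'a', 300);
    char *f = store_url_fixed(url), *s = store_url_sized(url);
    printf("fixed=%s sized=%s\n", f ? "stored" : "rejected", s ? "stored" : "rejected");
    free(f); free(s);
    return 0;
}
```

The 256-byte input is the boundary case: it fills the buffer exactly and leaves no room for the terminator, so the fixed-buffer version rejects it.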