Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 26 Nov 2016 15:11:44 -0300
From: Gustavo Grieco <>
Subject: CVE Request: resource exhaustion in regex expression handling in WebKit


Trying to parse and execute this regex code in WebKit:


will consume large amounts of memory (8GB or more), after a few seconds.
This seems to be a case of CWE-400 (uncontrolled resource consumption).

At least, version 2.4.11 Webkit and very recent webkit revisions like
77a474c8f4 are affected.

You can quickly test this issue in different webkit browsers here:

Fortunately, Chrome and Firefox based browsers are *not* affected.

Please assign a CVE if suitable. It is worth to mention, that a month ago,
i asked to MITRE about another issue related with uncontrolled resource
consumption in Firefox loading a SVG but receive no response.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ