"One bug to rule them all" vulnerability in KJS?

David Faure faure at kde.org
Wed Jul 22 19:19:34 BST 2009


On Friday 17 July 2009, Maksim Orlovich wrote:
> On Friday 17 July 2009 00:21:03 Michael Pyne wrote:
> > There is a flaw provocatively labeled "One bug to rule them all" at this
> > link: http://www.g-sec.lu/one-bug-to-rule-them-all.html
> >
> > The author claims to have contacted KDE regarding Konqueror and received
> > no response.  The bug itself is an unconstrained memory allocation using
> > the select() JavaScript function (or something like that).  I have not
> > tested the vulnerability since I have to be up in about 6 hours to
> > check out of this hotel and hit the road again. :-/
> 
> Yes, it's a rather simple way of allocating lots of memory, which can be
> "addressed" by arbitrary limits. There are, however, lots of other ways of
> doing it, and I could probably get any browser to OOM with a bit of effort.

The fix for this was committed today by Jaroslav Řezník.

-- 
David Faure, faure at kde.org, sponsored by Qt Software @ Nokia to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).
