| Summary: | www-client/dillo Remote crash (Vendor-Sec) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | ||
| Severity: | minor | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Other | ||
| Whiteboard: | B3 [wait?] CONFIDENTIAL date? | ||
| Package list: | Runtime testing required: | --- | |
If this is just a crash, I wouldn't consider it a vulnerability. This looks like a harmless crash, a regular bug rathen than a secureity issue. marking INVALID. |
Dillo v0.8.4 and all previous versions were vulnerable to remote crashes via large or negative table attributes. These issues can either cause an instant segfault, or a lockup. A sample vulnerable page is: <html><head> <title>Crash #2</title></head> <body> <table> <td colspan=10000000> </td></table></body></html> The patch used to fix the issue is here: http://cvs.auriga.wearlab.de/cgi-bin/cvsweb.cgi/dillo/src/html.c.diff?sortby=date&cvsroot=dillo&r1=1.233&r2=1.234&f=c ---- 0.85 is released and seems to fix the issue, though I haven't tested.