Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Opera Web浏览器样式表属性缓冲区溢出漏洞
Vulnerability Description
Opera是挪威欧朋(Opera Software)公司所开发的一款Web浏览器,它支持多窗口浏览、可定制用户界面等。 Opera实现上存在有符号型变量处理漏洞,远程攻击者可能利用此漏洞导致客户机上的Opera程序崩溃。 Opera在wcsncpy调用中存在有符号型变量比较错误,攻击者可以覆盖目标缓冲区后的大量内存,导致Opera崩溃。但很难利用这个漏洞执行任意代码,因为尽管拷贝了大量的内存,但只有很少的部分是可控的。 攻击者可以通过在样式表属性中指定超长的值来触发这个漏洞。以下是有漏洞函数的反汇编。请注
CVSS Information
N/A
Vulnerability Type
N/A