Safari Can Be Crashed With Long Https Url

Full Version: Safari Can Be Crashed With Long Https Url

GovernmentSecurity.org > General GSO > Exploit & Vulnerability Mailing List Archives

qcred11

May 4 2005, 01:49 AM

QUOTE

Safari Can Be Crashed With Long HTTPS URL

Found a bug in the latest Safari that comes with Panther 10.3.9 -
Safari 1.3 (v312), previous versions of Panther are also vulnerable.

The problem is with the URI input for HTTPS which causes Safari to
crash by inputting a large amount of A's i.e.

https://
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Did a debug of the crash, but it kept crashing in a spin_lock while
reading from the text segment. Will post more details when have more
info on it.

Gilbert Verdian
neoresearch.org

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.