HTTP response heap buffer overflow can allow execution of arbitrary code – Opera Security Advisories




When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a memory corruption and crash. It is possible to use this crash to execute the overflowing data as code, which may be controlled by an attacking site.

Opera’s Response

Opera Software has released Opera 12.11, where this issue has been fixed.