Recompiling the regular expression pattern during a replace can cause the code to reuse a freed string, but only if the string is freed from the cache by allocating and freeing a number of strings of certain size. CVE-2015-2482: http://ift.tt/1hCFSR0 ZDI-15-515: http://ift.tt/1jmql9X MS15-108: http://ift.tt/1k2eayY Repro: Repro-in-a-tweet: https://twitter.com/berendjanwever/status/654048253047140352 Cheers, SkyLined Follow me on twitter for a new browser bug every* day! https://twitter.com/berendjanwever (* might be more than one some days)
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment