[2008-07-23] Opera 9.5.1 URL handling memory+CPU consumption DoS


Opera 9.5.1 is prone to a remote denial-of-service attack because it fails to properly handle overly long URLs of the form www.[100000+ x 'a'].com. An example is <a href="http://www.a.a.a.a.a....[100000+].com/">test</a>. When following such a link, Opera starts consuming large amounts of CPU and memory (RAM) and stops responding, hanging the browser. A malicious website can host a page that includes such a URL, thereby causing a remote denial of service on systems visiting the website.
Tested on Opera 9.5.1 under Windows XP. Other versions might be affected too.
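
A defensive check for the condition described above, as an added example that is not part of the original advisory: it scans markup for links whose hostname exceeds the DNS size limits (253 characters in text form, 63 per label), which a URL of this form does by a wide margin. The function names and the sample page are assumptions constructed for illustration.

```javascript
// Added example: flag links whose hostname exceeds DNS size limits.
const MAX_HOST_LEN = 253;   // whole name, text form
const MAX_LABEL_LEN = 63;   // single dot-separated label

// Pull the host out of an absolute URL with one linear regex pass,
// so the check itself does not choke on a very long input.
function extractHost(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(url.trim());
  if (!m) return null;                         // relative or non-hierarchical URL
  let authority = m[1];
  const at = authority.lastIndexOf('@');       // drop userinfo if present
  if (at !== -1) authority = authority.slice(at + 1);
  if (authority.startsWith('[')) return null;  // IPv6 literal, not a DNS name
  return authority.replace(/:\d*$/, '').replace(/\.$/, ''); // drop port, root dot
}

// Return a reason string when the host breaks a limit, otherwise null.
function checkHost(host) {
  if (host.length > MAX_HOST_LEN) {
    return `hostname is ${host.length} chars (limit ${MAX_HOST_LEN})`;
  }
  const long = host.split('.').find((label) => label.length > MAX_LABEL_LEN);
  if (long) return `label is ${long.length} chars (limit ${MAX_LABEL_LEN})`;
  return null;
}

// Scan markup for href attributes and report those that fail the check.
function findOversizedHostLinks(html) {
  const findings = [];
  const hrefRe = /href\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = hrefRe.exec(html)) !== null) {
    const host = extractHost(m[1] ?? m[2] ?? m[3]);
    const reason = host === null ? null : checkHost(host);
    if (reason) findings.push({ host: host.slice(0, 32) + '...', reason });
  }
  return findings;
}

// Constructed sample page: one normal link and two oversized hostnames.
const SAMPLE_HTML = [
  '<a href="http://www.example.com/">ok</a>',
  `<a href="http://www.${'a.'.repeat(300)}com/">many labels</a>`,
  `<a href='http://${'b'.repeat(80)}.example.org/'>long label</a>`,
].join('\n');

console.log(findOversizedHostLinks(SAMPLE_HTML));
```

The same check can run in a filtering proxy or a content scanner before a page reaches the browser.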

PoC/Exploit code [.html]

The following proof-of-concept HTML page has been provided: opera.html
