Re: CVE Request: resource exhaustion in regex expression handling in WebKit

[<cve-assign () mitre org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Trying to parse and execute this regex code in WebKit:
>
> [ about 170 instances of "($" and then "{-2,16}" and then about
>   170 instances of "+)" ]
>
> will consume large amounts of memory (8GB or more), after a few seconds.
> This seems to be a case of CWE-400 (uncontrolled resource consumption).
>
> Chrome and Firefox based browsers are *not* affected.

Use CVE-2016-9643.


> asked to MITRE about another issue related with uncontrolled resource
> consumption in Firefox loading a SVG but receive no response.

We have just answered that on its own thread.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYOg/tAAoJEHb/MwWLVhi2jXMP+wXfT6g+wyocbXiiIbflNo9x
Aj8TQ9PP7ZTO2akx4xOdep+Jpulg2K5ACWG/PDqy+oPV3ouJDyT0xzUTYK0MLFWa
oDe460NUGm92UkG9VSkzSe5RYN7tawxzYfoaSulJf4gd6bDUSRPxB+rDEWeX6mCT
q/VKySkcs7wAtZd6N9W/NPg0+Jeo/qgCeU0wf1Uz8c+1WvF7c2ooqyYTq36Z434F
gT4GshSEqGmi3PCKomzSEmaRYeGhREy7J82/b7JHYgmMDnwDJWNqg/MXhzE6VjP4
uRSEAYaKksVsWI+CtxLNeiBSZAyEV2Gd2hSthd/xSAQfJ9lAK+rxJN38cIl0NIL5
4tgyNHGYtOYIjiFKtil0T3DE3IlLlWFJAa2ICkpqDoFjPDBQXxbKcwG4TM5DTMBe
Fqe7WK3SXZNd5imt296L0lBry50v7/xjyIstUR8QoPJBJ0AGHJw8uCRjps0zZK6k
nzbKM0LZdgTmf7zdxjGIEjhLIkGCxXJdGGVQMFb80EHgwM+LfTDD1KTAodB+1oRd
UJeaRv0EqndpAOKlxHhMDGxk7n4Tz34luKaav9abaJ4mo8F1Sho4UgRVZtlik+EQ
Wm3g/BeTqjj2JkBvQwrQNVn5VA75tE+Xp5ZnjnQTPSuqwBNvQjPU+EoeStadSP57
ALKxkr8D5RHlAGNzIVoQ
=eJl5
-----END PGP SIGNATURE-----