Buffer Overflow Vulnerability in WebKit's FastBitVector.h

Buffer Overflow Vulnerability in WebKit's FastBitVector.h

CVE-2017-17821 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length.

Learn more about our Web App Pen Testing.