CVE-2009-2540: Allocation of Resources Without Limits or Throttling in Browser

Severity
4.3 MEDIUM NVD
CNA 7.1 GHSA 5.0
EPSS: 1.3% (top 20.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 20
Latest update: May 2

Description

Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

🔴 Vulnerability Details (3)

GHSA: GHSA-whgj-f82x-p3xc: Opera, possibly 9 (2022-05-02)
GHSA: Spring Framework Inefficient Regular Expression Complexity (2022-05-02)
CVEList: CVE-2009-2540: Opera, possibly 9 (2009-07-20)

📋 Vendor Advisories (1)

Red Hat: Spring Framework Remote Denial of Service vulnerability (2009-04-22)
CVE-2009-2540 — Opera Browser vulnerability | cvebase