Opera denies 'malformed Content-Length header Security Issue' of version 10.50

After the release of Opera 10.50, “a crasher and possible security issue posted the day before to an online vulnerability database. Many security sites reposted this information, claiming it was a buffer overflow. This crasher used a very large number in the Content-Length HTTP header to trigger the crash. In fact, the number used was […]

After the release of Opera 10.50, “a crasher and possible security issue posted the day before to an online vulnerability database. Many security sites reposted this information, claiming it was a buffer overflow. This crasher used a very large number in the Content-Length HTTP header to trigger the crash. In fact, the number used was much larger than was necessary to trigger the crash. It was over 5000 digits long, but 20 digits would have been enough. This excessive length would prove to be a bit of a distraction when we analyzed the issue.” A Opera spokesperson reports that "The original report about the Windows-only malformed Content-length header problem is not a security issue, but a variant of the issue, brought to our attention by Secunia, has a theoretical possibility of allowing arbitrary code to run. We have developed a fix for the problem, which is being tested, and are planning to release an update of Opera soon. Until then, if Opera crashes on an untrusted site, you should avoid visiting that site again."