uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nmatrix | Sciruby | * | 4.4.9 (excluding) |
Ublock_origin | Ublockorigin | * | 1.36.2 (excluding) |
Umatrix | Umatrix_project | * | 1.4.2 (excluding) |