CVE-2017-17821

Name of the Vulnerable Software and Affected Versions Safari Technology Preview Release 46

Description The issue allows remote attackers to cause a denial of service or possibly have other impacts because it incorrectly handles cases where the old array length is greater than the new array length. This is due to the FastBitVectorWordOwner::resizeSlow function being called for a purpose other than initializing a bitvector size. The function is located in WTF/wtf/FastBitVector.cpp and is related to the WTF/wtf/FastBitVector.h file in WebKit.

Recommendations As a temporary workaround, consider disabling the resizeSlow function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.