This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 1.9.
A Denial of Service (DoS) issue exists in the BlackBerry® Browser in BlackBerry Device Software version 4.2 and earlier. Research In Motion (RIM) has corrected this problem in later releases of the BlackBerry Device Software.
While parsing a long web page address, the BlackBerry Browser uses almost all of the BlackBerry device's processing capability. This may cause the BlackBerry device to become slow or to stop responding.
This article is in reference to US-CERT Advisory VU#282856.
A temporary DoS vulnerability exists in the BlackBerry Browser. The BlackBerry Browser may stop responding when parsing a long web page address.
A web site creator with malicious intent may use a Hypertext Markup Language (HTML) or Wireless Markup Language (WML) web page that contains a long string value within the link. If the BlackBerry device user accesses the link using the BlackBerry Browser, a temporary DoS may occur and the BlackBerry device may stop responding.
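The following is an added example, not part of the original advisory or RIM code: a check that a content filter or page author could run over HTML or WML markup to flag link targets of unusual length before the page reaches a device. The 2048-character threshold, the function names and the sample pages are assumptions, because the advisory does not state the length that triggers the issue.

```python
from html.parser import HTMLParser

# Assumed threshold: the advisory gives no trigger length, so tune per deployment.
MAX_LINK_LENGTH = 2048
# Attribute that carries the link target in HTML <a> and WML <a>/<go> elements.
LINK_ATTRS = {"href"}


class LongLinkFinder(HTMLParser):
    """Collects link attributes whose decoded value exceeds max_len."""

    def __init__(self, max_len=MAX_LINK_LENGTH):
        super().__init__(convert_charrefs=True)
        self.max_len = max_len
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags such as WML <go href="..."/>.
        for name, value in attrs:
            if name in LINK_ATTRS and value and len(value) > self.max_len:
                line, _col = self.getpos()
                self.findings.append(
                    {"tag": tag, "attr": name, "length": len(value), "line": line}
                )


def find_long_links(markup, max_len=MAX_LINK_LENGTH):
    """Return one finding per overlong link target in HTML or WML markup."""
    finder = LongLinkFinder(max_len)
    finder.feed(markup)
    finder.close()
    return finder.findings


# Constructed sample pages (not taken from the advisory).
SAMPLE_HTML = (
    "<html><body>\n"
    '<a href="http://example.com/index.html">ok</a>\n'
    '<a href="http://example.com/' + "A" * 5000 + '">long</a>\n'
    "</body></html>"
)
SAMPLE_WML = (
    '<wml><card id="c1"><p>\n'
    '<anchor>next<go href="http://example.com/' + "B" * 5000 + '"/></anchor>\n'
    "</p></card></wml>"
)

if __name__ == "__main__":
    for page in (SAMPLE_HTML, SAMPLE_WML):
        for finding in find_long_links(page):
            print(finding)
```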
Install BlackBerry Device Software version 4.2 Service Pack 1 or later. Downloads are available at the following link: http://www.blackberry.com/support/downloads/index.shtml
If the BlackBerry Browser or BlackBerry device stops responding, do one of the following:
- Press the Alt and Escape keys simultaneously to switch to another application on the BlackBerry device.
- Perform a hard reset of the BlackBerry device. For instructions, see KB02141.
- Wait for the BlackBerry device or the BlackBerry Browser to respond. This occurs after a period of time relative to the size of the link that exploited the vulnerability.
CVSS is a vendor-agnostic, open industry standard designed to convey the severity of vulnerabilities. CVSS scores may be used to determine the urgency for update deployment within an organization. CVSS scores range from 0.0 (no vulnerability) to 10.0 (critical). RIM uses CVSS in vulnerability assessments to present an immutable characterization of security issues. RIM assigns all security-relevant issues a non-zero score.
Visit www.blackberry.com/security for more information on BlackBerry security.
Updates to article formatting. No technical content changed.
Update due to a system upgrade that did not affect article content.