What happened here was... he was copy pasting the text to grow its size exponentially. After about 20 or so copy pasting cycles, the UI of the chat app became unresponsive on the UI thread (because of the copy paste operation it was handling) and some watchdog process decided the chat app needed to be terminated because it was unresponsive for longer than a configured time span. This isn't a vulnerability and doesn't warrant a CVE - the system was operating normally.
>The vulnerable application is the interactive chat application that allows to send messages to other passengers.
A bit of a side note here, but does anyone actually use this? I remember seeing it on an ANA flight and thought it was a funny feature. I suppose the intent is to message someone you know if you happen to be seated far away, but the thought of sending random unsolicited messages to any seat (assuming there isn't something to prevent this, e.g. message receiving is off by default unless you allow specific seat numbers) is a bit fun / odd. 'Seat 24B here, anyone else can't sleep?'
I really don't see how this is a vulnerability or a denial of service attack, any more than hitting my laptop with a hammer is a denial of service attack.
Maybe it's a buffer overflow, but that's at best an educated guess from the author.
I’d be surprised if it was a buffer overflow, most applications aren’t using unsafe languages in that way these days. I would guess some sort of memory exhaustion.
Crashing a single program on your own workstation isn't a "Denial of Service attack"
I mean you might be denying yourself service, but you could just as easily pour coffee on your equipment.