108 matches found
The vulnerability of the RPMB process in the Android operating system allows a hacker to bypass certificate verification.
The vulnerability of the RPMB process in the Android operating system exists due to insufficient checking of input data. Exploiting this vulnerability allows a malicious actor to bypass certificate verification...
mbed TLS (PolarSSL) -- multiple vulnerabilities
Janos Follath reports: If a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an attacker can cause the server or client to attempt to free block of memory held on stack. Depending on the platform, this could result in a Denial of Service client crash or...
shopify-scripts: sprintf gem - format string combined attack
In the sprintf gem, NOT included in mruby-engine, there are severe vulnerabilities, including information leak, and heap buffer overflow. Here are the technical details. Technical Error 1: ============== The CHECKl macro can sometimes receive negative values, that will bypass the size checks, sin...
CVE-2016-9939
Crypto++ aka cryptopp and libcrypto++ 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will b...
Microsoft Edge - 'CTextExtractor::GetBlockText' Out-of-Bounds Read (MS16-104)
::first-letter border: 0; white-space: pre-line; Aalert;&xD;&xD;B Description Though I did not investigate thoroughly, I did find out the following: The root cause appears to be an integer underflow in a 32-bit variable used in CTextExtractor..GetBlockText as an index to read a WCHAR in a...
VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read Exploit
Exploit for windows platform in category dos / poc !-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any...
VBScript RegExpComp::PnodeParse Out-Of-Bounds Read
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the sixth entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161108001.html. There you can find a repro th...
VBScript 5.8.7600.16385/5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read
!-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able t...
kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
A flaw was found in the Linux kernel's keyring handling code: the keyrejectandlink function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...
CVE-2016-6309
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service use-after-free or possibly execute arbitrary code via a crafted TLS session...
Design/Logic Flaw
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service use-after-free or possibly execute arbitrary code via a crafted TLS session...
CVE-2016-6309
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service use-after-free or possibly execute arbitrary code via a crafted TLS session...
CVE-2016-6309
CVE-2016-6309 concerns OpenSSL 1.1.0a and describes a use-after-free due to memory-block handling after realloc during TLS session processing, enabling a remote attacker to cause a denial of service or possibly execute arbitrary code. The provided documents include multiple IBM advisories that re...
CVE-2016-6309
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service use-after-free or possibly execute arbitrary code via a crafted TLS session...
CVE-2016-6309
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service use-after-free or possibly execute arbitrary code via a crafted TLS session...
CVE-2016-6309
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service use-after-free or possibly execute arbitrary code via a crafted TLS session...
Updated libksba packages fix security vulnerability
It was found that an unproportionate amount of memory is allocated when parsing crafted certificates in libskba, which may lead to DoS. Moreover in libksba 1.3.4, allocated memory is uninitialized and could potentially contain sensitive data left in freed memory block...
Cisco Unified IP phones 内存块设备弱权限漏洞
No description provided by source...
Cisco Adaptive Security Appliance VPN Memory Block Exhaustion Vulnerability
A vulnerability in the IPsec code of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to cause the depletion of a memory block, which may cause the system to stop forwarding traffic and result in a denial of service DoS condition. The vulnerability is d...
PHP 5.6 GMP unserialize() Use-After-Free
Use After Free Vulnerability in unserialize with GMP Taoguang Chen - Write Date: 2015.8.17 - Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with GMP object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code...