667 matches found
CVE-2018-11419
CVE-2018-11419 affects JerryScript 1.0, with a heap-based buffer over-read in lit_read_code_unit_from_hex triggered by a RegExp("[\u0") payload and related to re_parse_char_class in parser/regexp/re-parser.c. The vulnerability details are documented across multiple sources in the connected set an...
CVE-2018-11418
CVE-2018-11418 affects JerryScript 1.0. There is a heap-based buffer over-read in the function lit_read_code_unit_from_utf8, triggered by a RegExp("[\u0020") payload and related to re_parse_char_class in parser/regexp/re-parser.c. The issue is described across multiple sources as a vulnerability ...
CVE-2018-11419
Removed by vendor...
CVE-2018-11418
Removed by vendor...
SUSE-SU-2018:1074-1 Security update for perl
This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pppack.c bsc1082216. - CVE-2018-6798: Fixed heap buffer overflow in regexec.c bsc1082233. - CVE-2018-6797: Fixed sharp-s regexp overflow bsc1082234...
Google Chrome V8 - Genesis::InitializeGlobal Out-of-Bounds Read/Write Exploit
Exploit for multiple platform in category dos / poc / Bug: The Genesis::InitializeGlobal method initializes the constructor of RegExp as follows: // Builtin functions for RegExp.prototype. Handle regexpfun = InstallFunction global, "RegExp", JSREGEXPTYPE, JSRegExp::kSize +...
Chrome V8 Genesis::InitializeGlobal Bugs
Chrome: V8: Bugs in Genesis::InitializeGlobal Bug: The Genesis::InitializeGlobal method initializes the constructor of RegExp as follows: // Builtin functions for RegExp.prototype. Handle regexpfun = InstallFunction global, "RegExp", JSREGEXPTYPE, JSRegExp::kSize + JSRegExp::kInObjectFieldCount...
Google Chrome V8 - Genesis::InitializeGlobal Out-of-Bounds ReadWrite
Google Chrome V8 - Genesis::InitializeGlobal Out-of-Bounds ReadWrite / Bug: The Genesis::InitializeGlobal method initializes the constructor of RegExp as follows: // Builtin functions for RegExp.prototype. Handle regexpfun = InstallFunction global, "RegExp", JSREGEXPTYPE, JSRegExp::kSize +...
Google Chrome V8 - 'Genesis::InitializeGlobal' Out-of-Bounds Read/Write
/ Bug: The Genesis::InitializeGlobal method initializes the constructor of RegExp as follows: // Builtin functions for RegExp.prototype. Handle regexpfun = InstallFunction global, "RegExp", JSREGEXPTYPE, JSRegExp::kSize + JSRegExp::kInObjectFieldCount kPointerSize, JSRegExp::kInObjectFieldCount,...
Internet Explorer - RegExp.lastMatch Memory Disclosure Exploit
Exploit for windows platform in category dos / poc / There is a vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Window 7 64-bit with the latest patches applied. PoC: ========================================= / function ma...
Internet Explorer - RegExp.lastMatch Memory Disclosure
Internet Explorer - RegExp.lastMatch Memory Disclosure / There is a vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Window 7 64-bit with the latest patches applied. PoC: ========================================= / functio...
Internet Explorer - 'RegExp.lastMatch' Memory Disclosure
/ There is a vulnerability in Internet Explorer that could potentially be used for memory disclosure. This was tested on IE11 running on Window 7 64-bit with the latest patches applied. PoC: ========================================= / function main RegExp.input = toString: f; alertRegExp.lastMatc...
Heap overflow
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function in lit/lit-char-helpers.c via a RegExp"\x0"; payload...
CVE-2017-18212
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function in lit/lit-char-helpers.c via a RegExp"\x0"; payload...
CVE-2017-18212
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function in lit/lit-char-helpers.c via a RegExp"\x0"; payload...
CVE-2017-18212
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function in lit/lit-char-helpers.c via a RegExp"\x0"; payload...
CVE-2017-18212
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function in lit/lit-char-helpers.c via a RegExp"\x0"; payload...
CVE-2017-18212
Removed by vendor...
Microsoft Edge: Chakra: JIT: CallRegExSymbolFunction doesn't check the return type
The "CallRegExSymbolFunction" method is used to call symbol functions in regexp objects. But it doesn't check the return value's type. Since the user can define the symbol functions, it can break the JIT compiler's type assumptions. Tested Microsoft Edge 41.16299.15.0 with Experimental JavaScript...
Google Chrome: OOB access in RegExp Stubs
There is an out-of-bounds access in RegExp.prototype.exec and RegExp.prototype.test. The code defined in BranchIfFastRegExp checks whether a regular expression object has the default map, however, it is possible to alter the map after this check has been performed. This can cause inline fields,...