
347 matches found

Kitploit
added 2019/02/26 12:20 p.m., 127 views

SALT - SLUB ALlocator Tracer For The Linux Kernel

Welcome to salt, a tool to reverse and learn kernel heap memory management. It can be useful to develop an exploit, to debug your own kernel code, and, more importantly, to play with the kernel heap allocations and learn their inner workings. This tool helps trace allocations and the current sta...

6.8 AI score
Exploits 0, References 6
Github Security Blog
added 2019/02/18 11:56 p.m., 31 views

Remote Memory Disclosure in ws

Versions of ws prior to 1.0.1 are affected by a remote memory disclosure vulnerability. In certain rare circumstances, applications which allow users to control the arguments of a client.ping call will cause ws to send the contents of an allocated but non-zero-filled buffer to the server. This ma...

7.5 CVSS, 2.1 AI score, 0.00345 EPSS
Exploits 0, References 6, Affected Software 1
Amazon
added 2019/01/07 12:00 a.m., 24 views

Medium: glibc

Issue Overview: In the GNU C Library aka glibc or libc6 through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex function. CVE-2018-19591. Affected Packages: glibc. Note: This adviso...

7.5 CVSS, 7.8 AI score, 0.01775 EPSS
Exploits 1
Prion
added 2018/12/04 4:29 p.m., 19 views

Design/Logic Flaw

In the GNU C Library aka glibc or libc6 through 2.28, attempting to resolve a crafted hostname via getaddrinfo leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex function...

5 CVSS, 7.2 AI score, 0.01775 EPSS
Exploits 1, References 11, Affected Software 2
Exploit DB
added 2018/10/25 12:00 a.m., 59 views

libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer

libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size. The issue occurs because JBIGDecode entirely ignores the size of the buffer that is passed to it: static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s) { struct jbg_dec_state...

7.4 AI score
Exploits 0
Tenable Nessus
added 2018/08/07 12:00 a.m., 109 views

Amazon Linux AMI : kernel (ALAS-2018-1048)

An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode is called with a NULL bp. This can lead to a system crash and a denial of service. CVE-2018-13094. An issue was...

5.5 CVSS, 6.6 AI score, 0.00236 EPSS
Exploits 1, References 3
Debian CVE
added 2018/07/31 10:00 p.m., 36 views

CVE-2016-8617

The base64 encode function in curl before version 7.51.0 is prone to a buffer being under-allocated on 32-bit systems if it receives at least 1Gb as input via CURLOPT_USERNAME...

7 CVSS, 7.4 AI score, 0.00083 EPSS
Exploits 0
myhack58
added 2018/07/02 12:00 a.m., 299 views

Analysis of BitDefender antivirus integer overflow vulnerabilities, Part II -- exploit (vulnerability warning, the black bar safety net)

Our last article reviewed the content submitted by Pagefault and described in detail the integer overflow problem in the Bitdefender antivirus product. Although that content alone would be sufficient to submit a bug report to the vendor, Pagefault, by providing a...

8.1 AI score
Exploits 0
Veracode
added 2018/06/18 10:47 a.m., 9 views

Uninitialized Buffer Allocation

njwt is vulnerable to uninitialized buffer allocation attacks. The library contains an uninitialized memory allocation when handling a large number, which can allow a malicious user to gain access to sensitive information or crash the application...

6.8 AI score
Exploits 0
Prion
added 2018/06/11 9:29 p.m., 13 views

Buffer overflow

A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox 50.1...

5 CVSS, 6.8 AI score, 0.01889 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2018/06/11 9:00 p.m., 13 views

CVE-2017-7782

An error in the "WindowsDllDetourPatcher" where a RWX "Read/Write/Execute" 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird 52.3, Firefox...

6.4 AI score, 0.0051 EPSS
Exploits 0, References 6
Prion
added 2018/03/05 10:29 p.m., 18 views

Design/Logic Flaw

An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation...

4.3 CVSS, 6.3 AI score, 0.05966 EPSS
Exploits 1, References 9, Affected Software 2
Hacker One
added 2018/03/03 9:51 p.m., 27 views

Node.js third-party modules: `stringstream` allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below

I would like to report an uninitialized Buffer allocation issue in stringstream. It allows extracting sensitive data from uninitialized memory or causing a DoS by passing in a large number, in setups where typed user input can be passed to the stream, e.g. from JSON, on Node.js 4.x and lower. Modu...

0.1 AI score
Exploits 0
UbuntuCve
added 2018/01/11 12:00 a.m., 40 views

CVE-2018-5332

In the Linux kernel through 3.2, the rds_message_alloc_sgs function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write related to the rds_rdma_extra_size function in net/rds/rdma.c...

7.8 CVSS, 6.7 AI score, 0.00037 EPSS
Exploits 0, References 11
Talos
added 2018/01/11 12:00 a.m., 37 views

Blender BKE_mesh_calc_normals_tessface Integer Overflow Code Execution Vulnerability

Summary: An exploitable integer overflow exists in the BKE_mesh_calc_normals_tessface functionality of the Blender open-source 3D creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow, which can allow for code execution under the context of the...

8.8 CVSS, 8 AI score, 0.00786 EPSS
Exploits 1
exploitpack
added 2017/12/07 12:00 a.m., 45 views

Apple macOS High Sierra 10.13 - ctl_ctloutput-leak Information Leak

Apple macOS High Sierra 10.13 - ctl_ctloutput-leak Information Leak / ctl_ctloutput-leak.c, Brandon Azad, CVE-2017-13868. While looking through the source code of XNU version 4570.1.46, I noticed that the function ctl_ctloutput in the file bsd/kern/kern_control.c does not check the return value of...

4.3 CVSS, 0.2 AI score, 0.09858 EPSS
Exploits 4
0day.today
added 2017/12/06 12:00 a.m., 49 views

Microsoft Edge Chakra CFG Bypass Due To Bug In ServerFreeAllocation Vulnerability

Chakra suffers from a CFG bypass due to a bug in ServerFreeAllocation. Chakra: CFG bypass due to a bug in ServerFreeAllocation, CVE-2017-11874. The Chakra JIT server exposes a ServerFreeAllocation method that can be used to free an existing JIT allocation, for example when the corresponding function get...

2.6 CVSS, 5.8 AI score, 0.06443 EPSS
Exploits 1
0day.today
added 2017/11/15 12:00 a.m., 42 views

Apple iOS 11.1.1 kernel DoS Exploit

A logic issue in the allocation of address space identifiers exists. An attacker can cause a denial of service from within a sandboxed process. Usage Info: An attacker can use this exploit to cause a denial of service in the kernel. This is a private exploit. You can buy it at https://0day.today...

6.7 AI score
Exploits 0
seebug.org
added 2017/10/20 12:00 a.m., 53 views

Ruby Psych::Emitter start_document Heap Overflow Vulnerability(CVE-2016-2338)

DESCRIPTION: An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In the Psych::Emitter start_document function, the heap buffer "head" allocation is made based on the tags array length. A specially constructed object passed as an element of the tags array can increase...

7.6 CVSS, 9.3 AI score, 0.13462 EPSS
Exploits 3
seebug.org
added 2017/10/20 12:00 a.m., 63 views

Ruby Fiddle::Function.new Heap Overflow Vulnerability(CVE-2016-2339)

DESCRIPTION: An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize", the heap buffer "argtypes" allocation is made based on the args array length. A specially constructed object passed as an element of the args...

7.5 CVSS, 9.4 AI score, 0.00831 EPSS
Exploits 2