CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
USN-4432-1 grub2, grub2-signed vulnerabilities
Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. CVE-2020-10713 Chris...
grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
A flaw was found in current grub2 versions as shipped with Red Hat Enterprise Linux 7 and 8, where the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This issue leads the function to return invalid memory allocations, causing heap-based...
UBUNTU-CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
OSV-2020-862 Use-of-uninitialized-value in std::__1::vector<std::__1::vector<Sass::Extension, std::__1::allocator<Sass::Ext
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21223 Crash type: Use-of-uninitialized-value Crash state: std::__1::vector<std::__1::vector<Sass::Extension, std::__1::allocator<Sass::Ext Sass::Extender::extendCompound Sass::Extender::extendComplex...
OSV-2020-823 Object-size in std::__1::vector<wabt::DataSegment*, std::__1::allocator<wabt::DataSegment*> >::
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20367 Crash type: Object-size Crash state: std::__1::vector<wabt::DataSegment*, std::__1::allocator<wabt::DataSegment*> >:: wabt::BinaryReaderIR::OnDataSymbol wabt::BinaryReader::ReadLinkingSection...
OSV-2020-573 UNKNOWN READ in (__has_construct<std::__1::allocator<unsigned
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14479 Crash type: UNKNOWN READ Crash state: __has_construct::value, void::t std::__1::vector ::vectoruns...
OSV-2020-65 Heap-use-after-free in std::__1::vector<unsigned long, std::__1::allocator<unsigned long> >::begin
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21908 Crash type: Heap-use-after-free READ 8 Crash state: std::__1::vector<unsigned long, std::__1::allocator<unsigned long> >::begin perfetto::trace_processor::TrackTracker::ResolveDescriptorTrack perfetto::trace_processor::TrackTracker::GetDescriptorTrackImpl...
The zero-day exploits of Operation WizardOpium
Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we've already published blog posts briefly describing this operation available here and here, in this blog post we'd li...
CVE-2020-0221
Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access. Product: Android. Versions: Android kernel. Android ID:...
Buffer overflow
Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access. Product: Android. Versions: Android kernel. Android ID:...
CVE-2020-0221
CVE-2020-0221 affects Airbrush’s scratch memory allocator in the Android kernel. The root cause is a numeric overflow in the allocator, which could cause the next allocation to return a pointer within a previously allocated region, enabling improper memory access and elevation of privilege on aff...
Arbitrary Code Execution
python is vulnerable to arbitrary code execution. When the assert system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate...
Arbitrary Code Execution
openoffice.org is vulnerable to arbitrary code execution. A heap overflow flaw in the OpenOffice memory allocator allows an attacker to use the flaw to crash OpenOffice.org or, possibly, execute arbitrary code via a malicious file...
Arbitrary Code Execution
openoffice.org is vulnerable to arbitrary code execution. The vulnerability exists as a numeric truncation error was found in the OpenOffice.org memory allocator. If a carefully crafted file was opened by a victim, an attacker could use this flaw to crash OpenOffice.org or, possibly, execute...
Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation
This blog post continues the FLARE script series with a discussion of patching IDA Pro database files (IDBs) to interactively emulate code. While the fastest way to analyze or unpack malware is often to run it, malware won’t always successfully execute in a VM. I use IDA Pro’s Bochs integration in...
Updated proftpd packages fix security vulnerability
Updated proftpd packages fix security vulnerability: Antonio Morales discovered a use-after-free flaw in the memory pool allocator in ProFTPD. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code...