PRNG weakness allows for DNS poisoning on Android — Mozilla

Mozilla developer Daniel Stenberg reported that the DNS resolver in Firefox for Android uses an insufficiently random algorithm when generating random numbers for the unique identifier. This was derived from an old version of the Bionic libc library and suffered from insufficient randomness in th...

Internet Bug Bounty: Heap overflow in H. Spencer’s regex library on 32 bit systems

The IBB's programs provide a great incentive for me to find vulnerabilities in open source software. With this one I set out to find a vulnerability in PHP and discovered that the vulnerability that I found exists in a wider constellation of applications, including BSD libc's. IBB's Alex Rice's...

Integer overflow

Multiple integer overflows in the 1 chkmalloc, 2 leakmalloc, and 3 leakmemalign functions in libc/bionic/mallocdebugleak.c in Bionic libc for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a lar...