CVE-2018-6003

An issue was discovered in the asn1decodesimpleber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS...

CVE-2017-0422

A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,...

CVE-2017-0422

A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,...

UBUNTU-CVE-2017-0422

A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,...

Denial of service

A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,...

CVE-2017-0422

A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,...

CVE-2017-0422

A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,...

CVE-2017-0422

CVE-2017-0422 is a DoS in Android’s Bionic DNS that can be triggered by a crafted network packet to cause a device hang or reboot. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The vulnerability stems from the Bionic DNS component and is remote in scope (netwo...

Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)

A highly critical vulnerability has been uncovered in the GNU C Library glibc, a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to hackers that can take full control over them. Just clicking on a link or...

Design/Logic Flaw

The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a...

CVE-2012-2808

CVE-2012-2808 affects Android's Bionic DNS resolver, where the PRNG used to generate DNS query IDs and UDP source ports relies on time and PID. This weakens randomness, facilitating remote spoofing of DNS responses. The connected CVE-2015-0800 describes a related Android Firefox DNS-spoofing issu...

PRNG weakness allows for DNS poisoning on Android — Mozilla

Mozilla developer Daniel Stenberg reported that the DNS resolver in Firefox for Android uses an insufficiently random algorithm when generating random numbers for the unique identifier. This was derived from an old version of the Bionic libc library and suffered from insufficient randomness in th...

Internet Bug Bounty: Heap overflow in H. Spencer’s regex library on 32 bit systems

The IBB's programs provide a great incentive for me to find vulnerabilities in open source software. With this one I set out to find a vulnerability in PHP and discovered that the vulnerability that I found exists in a wider constellation of applications, including BSD libc's. IBB's Alex Rice's...

Linux Kernel - Sendpage Local Privilege Escalation

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...

CVE-2012-2674

Multiple integer overflows in the 1 chkmalloc, 2 leakmalloc, and 3 leakmemalign functions in libc/bionic/mallocdebugleak.c in Bionic libc for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a lar...

Integer overflow

Multiple integer overflows in the 1 chkmalloc, 2 leakmalloc, and 3 leakmemalign functions in libc/bionic/mallocdebugleak.c in Bionic libc for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a lar...

CVE-2012-2674

Multiple integer overflows in the 1 chkmalloc, 2 leakmalloc, and 3 leakmemalign functions in libc/bionic/mallocdebugleak.c in Bionic libc for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a lar...

Unfixed XSS vulnerability at www.bioniccommando.com

Security researcher jath, has submitted on 17/09/2009 a cross-site-scripting XSS vulnerability affecting www.bioniccommando.com, which at the time of submission ranked 141582 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/09/2009. It is...

CVE-2009-0606

The linkimage function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by certain groups, possibly ...

CVE-2009-0607

Multiple integer overflows in mallocleak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the 1 chkcalloc and 2 leakcalloc functions...