heap-buffer-overflow in dex_parse
Description: There exists a heap-based out-of-bounds read vulnerability in dex_parse, in the call set_integer(yr_le16toh(map_item->type), dex_object, "map_list.map_item[%i].type", i);
Reproduction: Build the fuzz target with AddressSanitizer enabled (optionally with libFuzzer) and run the test case from here: $ git rev-parse HE...
OSV-2020-1505 Heap-buffer-overflow in yr_object_set_string
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6402 Crash type: Heap-buffer-overflow READ 16 Crash state: yr_object_set_string dex_parse dex_load...
OSV-2020-1493 Heap-buffer-overflow in yr_object_set_string
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6402 Crash type: Heap-buffer-overflow READ 7 Crash state: yr_object_set_string dex_parse dex_load...
OSV-2020-1398 Heap-buffer-overflow in yr_object_set_string
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6402 Crash type: Heap-buffer-overflow READ 14 Crash state: yr_object_set_string dex_parse dex_load...
OSV-2020-1387 Heap-buffer-overflow in yr_object_set_string
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6402 Crash type: Heap-buffer-overflow READ 8 Crash state: yr_object_set_string dex_parse dex_load...
yara/dex_fuzzer: Heap-buffer-overflow in dex_parse
Detailed report: https://oss-fuzz.com/testcase?key=4621856041598976 Project: yara Fuzzer: libFuzzer_yara_dex_fuzzer Fuzz target binary: dex_fuzzer Job Type: libfuzzer_asan_yara Platform Id: linux Crash Type: Heap-buffer-overflow READ 2 Crash Address: 0x6120000008c5 Crash State: dex_parse dex_load...