
0day.today
added 2019/11/11 12:00 a.m., 175 views

iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address

During processing of incoming iMessages, attacker controlled data is deserialized using the NSUnarchiver API. One of the classes that is allowed to be decoded from the incoming data is NSDictionary. However, due to the logic of NSUnarchiver, all subclasses of NSDictionary that also implement secu...

CVSS 9.8, AI score 0.4, EPSS 0.21227
Exploits: 3
Exploit DB
added 2019/09/24 12:00 a.m., 252 views

iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds

When an NSKeyedUnarchiver decodes an object, it first allocates the object using allocWithZone, and then puts the object into a dictionary for temporary objects. It then calls the appropriate initWithCoder: on the allocated object. If initWithCoder: or any method it calls decodes the same object,...

AI score 7.4
Exploits: 0
exploitpack
added 2019/09/24 12:00 a.m., 32 views

iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds

When an NSKeyedUnarchiver decodes an object, it first allocates the object using allocWithZone, and then puts the object into a dictionary for temporary objects. It then calls the appropriate initWithCoder: on the allocated...

AI score 0.5
Exploits: 0
exploitpack
added 2019/08/15 12:00 a.m., 15 views

NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String

There is an info leak when decoding the SGBigUTF8String class using SGBigUTF8String initWithCoder:. This class initializes the string using SGBigUTF8String initWithUTF8DataNullTerminated: even though there is no guarantee the bytes provide...

Exploits: 0
seebug.org
added 2017/05/27 12:00 a.m., 35 views

Apple iOS / OS X NSKeyedArchiver Memory Corruption (CVE-2017-2527)

CAMediaTimingFunctionBuiltin is a class in QuartzCore. Its initWithCoder: method reads an Int "index" then passes that to builtinfunction mov ebx, edi -- controlled unsigned int mov r14d, ebx lea r15, ZL9functions0 ; functions mov rax, r15+r148 if rax is non-null it's returned as an objective-c...

CVSS 7.5, AI score 8.6, EPSS 0.09359
Exploits: 2
seebug.org
added 2017/05/27 12:00 a.m., 28 views

Apple iOS / MacOS NSKeyedArchiver Heap Corruption (CVE-2017-2524)

Using lldb inside a simple helloworld app for iOS we can see that there are over 600 classes which we could get deserialized for persistance for example. The TextInput framework which is loaded has a class TIKeyboardLayout. The initWithCoder: implementation has this code: this is the x86 code, th...

CVSS 7.5, AI score 8.8, EPSS 0.17644
Exploits: 3
0day.today
added 2017/05/23 12:00 a.m., 40 views

Apple iOS / macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in CAMediaTimin

Exploit for multiple platforms in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1175 CAMediaTimingFunctionBuiltin is a class in QuartzCore. Its initWithCoder: method reads an Int "index" then passes that to builtinfunction mov ebx, edi -- controlled unsigned...

CVSS 7.5, AI score 8.8, EPSS 0.09359
Exploits: 2