CVE-2017-18269

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in...

DEBIAN-CVE-2017-18269

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in...

UBUNTU-CVE-2017-18269

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in...

CVE-2017-18269

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in...

CVE-2017-18269

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in...

CVE-2018-6639

An out-of-bounds write Remote Code Execution issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d...

CVE-2018-6639

An out-of-bounds write Remote Code Execution issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d...

Remote code execution

An out-of-bounds write Remote Code Execution issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d...

Microsoft Windows Uniscribe Remote Code Execution Vulnerability(CVE-2017-0283)

We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by USP10!MergeLigRecords, while trying to display text using a corrupted font file: --- 4e0.6dc: Access violation - code c0000005 first chance First chance exceptions are reported before any...

MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rubysmb' require 'rubysmb/smb1/packet' class MetasploitModule 'MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption', 'Description' = %q This module is...

Microsoft Windows MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption Exploit

This Metasploit module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is...

WebKit HTMLFormElement Negative-Size Memmove

WebKit: Negative-size memmove in HTMLFormElement CVE-2017-2459 There is a negative-size memmove security vulnerability in WebKit. The vulnerability was confirmed on a nightly build of WebKit. The PoC has also been observed to crash Safari 10.0.2 on Mac. PoC Note: It might take a couple of refresh...

Apple WebKit - Negative-Size memmove in HTMLFormElement Exploit

Exploit for multiple platform in category dos / poc function go var iframe = document.getElementById"iframe"; var iframeWindow = window0; var toInsert = div; var iframeBody = iframeWindow.document.body; iframeBody.beforedocument.body; iframe.aftertoInsert; aaaaaaaa !--...

Apple WebKit - Negative-Size memmove in HTMLFormElement

function go var iframe = document.getElementById"iframe"; var iframeWindow = window0; var toInsert = div; var iframeBody = iframeWindow.document.body; iframeBody.beforedocument.body; iframe.aftertoInsert; aaaaaaaa !-- ================================================================= Preliminary...

Apple WebKit - Negative-Size memmove in HTMLFormElement

Apple WebKit - Negative-Size memmove in HTMLFormElement function go var iframe = document.getElementById"iframe"; var iframeWindow = window0; var toInsert = div; var iframeBody = iframeWindow.document.body; iframeBody.beforedocument.body; iframe.aftertoInsert; aaaaaaaa !--...

GLSA-201702-15 : OCaml: Buffer overflow and information disclosure

The remote host is affected by the vulnerability described in GLSA-201702-15 OCaml: Buffer overflow and information disclosure It was discovered that OCaml was vulnerable to a runtime bug that, on 64-bit platforms, causes size arguments to internal memmove calls to be sign-extended from 32- to...

OCaml: Buffer overflow and information disclosure

Background OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. Description It was discovered that OCaml was vulnerable to a runtime bug that, on 64-bit platforms, causes size arguments to internal memmove calls to be...

[SECURITY] [DLA 466-1] ocaml security update

Package : ocaml Version : 3.12.1-4+deb7u1 CVE ID : CVE-2015-8869 OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes sizes arguments to an internal memmove call to be sign-extended from 32 to 64-bits before being passed to the memmove function. This leads...

OSEC-2016-01 Buffer overflow and information leak in OCaml < 4.03.0

Bug description OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes sizes arguments to an internal memmove call to be sign-extended from 32 to 64-bits before being passed to the memmove function. This leads arguments between 2GiB and 4GiB to be interpreted as...

Taming the wild copy: Parallel Thread Corruption

Posted by Chris Evans, Winner of the occasional race Back in 2002, a very interesting vulnerability was found and fixed in the Apache web server. Relating to a bug in chunked encoding handing, the vulnerability caused a memcpy call with a negative length with the destination on the stack. Of...