89 matches found

GoogleProjectZero
added 2022/04/14 12:0 a.m. | 86 views

CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers

Posted by Ian Beer, Google Project Zero This blog post is my analysis of a vulnerability exploited in the wild and patched in early 2021. Like the writeup published last week looking at an ASN.1 parser bug, this blog post is based on the notes I took as I was analyzing the patch and trying to...

CVSS 8.8 | AI score 8.4 | EPSS 0.05879
Exploits: 1

RedHat Linux
added 2022/01/24 1:3 p.m. | 3 views

OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

CVSS 5.3 | AI score 7.4 | EPSS 0.00097
Exploits: 0 | References: 4

RedHat Linux
added 2021/09/23 4:18 p.m. | 3 views

jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...

CVSS 5.3 | AI score 7.1 | EPSS 0.00115
Exploits: 1 | References: 5

RedHat Linux
added 2021/09/08 2:43 p.m. | 4 views

jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...

CVSS 5.3 | AI score 7.1 | EPSS 0.00115
Exploits: 1 | References: 5

OSV
added 2021/04/19 8:15 p.m. | 2 views

DEBIAN-CVE-2021-30020

In the function gfhevcreadppsbsinternal function in mediatools/avparsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps-numtilecolumns may be larger than sizeofpps-columnwidth, which results in a heap overflow in the loop...

CVSS 5.5 | AI score 6.5 | EPSS 0.00265
Exploits: 1 | References: 1

OSV
added 2021/02/10 10:15 p.m. | 2 views

CVE-2020-27250

In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 Revision 1014, a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-base...

CVSS 7.8 | AI score 7.4
Exploits: 0 | References: 1

CNNVD
added 2021/01/04 12:0 a.m. | 2 views

GNU Binutils code issue vulnerability

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A null pointer dereference vulnerability exists in bfdpefparsefunctionstubs in bfd/pef.c in versions of GNU Binutils prior to 2.34. An attacker can...

CVSS 5.5 | AI score 6.7 | EPSS 0.00082
Exploits: 1 | References: 10

RedHat Linux
added 2020/08/19 2:10 p.m. | 0 views

mysql: Server: Parser unspecified vulnerability (CPU Jan 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

CVSS 6.5 | AI score 7.3 | EPSS 0.00418
Exploits: 0 | References: 5

OSV
added 2020/06/18 7:15 p.m. | 2 views

CVE-2020-12883

Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sncoapparseroptionsparse parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point packetdatapptr ...

CVSS 9.1 | AI score 7.4
Exploits: 0 | References: 4

RedHat Linux
added 2020/04/28 3:35 p.m. | 1 views

rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If...

CVSS 9.8 | AI score 7.5 | EPSS 0.00487
Exploits: 0 | References: 4

RedHat Linux
added 2020/03/31 7:34 p.m. | 1 views

rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c

An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this...

CVSS 9.8 | AI score 7.5 | EPSS 0.01796
Exploits: 0 | References: 4

RedHat Linux
added 2020/03/31 7:34 p.m. | 1 views

rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If...

CVSS 9.8 | AI score 7.5 | EPSS 0.00487
Exploits: 0 | References: 4

OSV
added 2019/12/03 10:15 p.m. | 3 views

CVE-2019-5133

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the...

CVSS 8.8 | AI score 7.6 | EPSS 0.01713
Exploits: 0 | References: 1

Oracle linux
added 2019/11/14 12:0 a.m. | 32 views

http-parser security and bug fix update

2.8.0-5 - Resolves: rhbz1686488: 'make test' fails with stringop-overflow error 2.8.0-4 - Resolves: rhbz1666382: CVE-2018-12121 http-parser: nodejs: Denial of Service with large HTTP headers rhel-8 2.8.0-3 - spec: make the check phase conditional...

CVSS 7.5 | AI score 1 | EPSS 0.05572
Exploits: 0

OSV
added 2019/08/01 5:15 p.m. | 1 views

DEBIAN-CVE-2019-14493

An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp...

CVSS 7.5 | AI score 6.7 | EPSS 0.00167
Exploits: 1 | References: 1

RedHat Linux
added 2019/06/27 9:19 a.m. | 2 views

libical: Heap buffer over read in icalparser.c parser_get_next_char

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7.1...

CVSS 9.8 | AI score 7.6 | EPSS 0.08154
Exploits: 4 | References: 5

OSV
added 2018/05/24 8:29 p.m. | 1 views

UBUNTU-CVE-2018-11419

An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function via a RegExp"\u0" payload, related to reparsecharclass in parser/regexp/re-parser.c...

CVSS 9.8 | AI score 7.5 | EPSS 0.00376
Exploits: 1 | References: 4

RedHat Linux
added 2018/04/10 12:0 a.m. | 2 views

tcpdump: Infinite loop due to bugs in print-isakmp.c, several functions in ISAKMP parser

The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions...

CVSS 9.8 | AI score 7.4 | EPSS 0.01117
Exploits: 0 | References: 4

RedHat Linux
added 2018/04/10 12:0 a.m. | 2 views

tcpdump: Buffer over-read in print-icmp.c:icmp_print() in ICMP parser

The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print()...

CVSS 9.8 | AI score 7.6 | EPSS 0.01117
Exploits: 0 | References: 4

OSV
added 2017/09/14 6:29 a.m. | 1 views

DEBIAN-CVE-2017-13028

The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootpprint...

CVSS 9.8 | AI score 7.5 | EPSS 0.0206
Exploits: 0 | References: 1