curl: Incorrect sizeof() in Rustls Backend Memory Allocation

Summary There's a bug in lib/vtls/rustls.c where malloc uses sizeofciphersuites instead of sizeofciphersuites. This allocates memory based on pointer size rather than element size. Steps To Reproduce 1. Look at lib/vtls/rustls.c line 530: c const struct rustlssupportedciphersuite ciphersuites =...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from incorrectly comparing the peripheralsize to the configuration pointer size, which could cause the kernel to...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unvalidated target dynptr size, which could lead to out-of-bounds writes...

CVE-2023-53327

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Catch overflow of uptr and length syzkaller hits a WARNON when trying to have a uptr close to UINTPTRMAX: WARNING: CPU: 1 PID: 393 at drivers/iommu/iommufd/selftest.c:403 iommufdtest+0xb19/0x16f0 Modules linked...

DEBIAN-CVE-2023-53327

In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Catch overflow of uptr and length syzkaller hits a WARNON when trying to have a uptr close to UINTPTRMAX: WARNING: CPU: 1 PID: 393 at drivers/iommu/iommufd/selftest.c:403 iommufdtest+0xb19/0x16f0 Modules linked...

kernel: iommufd: Check for uptr overflow

A flaw was found in the iommufd subsystem of the Linux kernel. When setting up a mapping with a user virtual address that wraps past zero or otherwise triggers a pointer/size overflow, the kernel may fail to properly validate and constrain the user-provided values. This can result in a buffer...

Microsoft Edge Chakra: JIT - 'Lowerer::LowerBoundCheck' Incorrect Integer Overflow Check

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1343 Here's a snippet of the method. void Lowerer::LowerBoundCheckIR::Instr const instr ... ifrightOpnd-IsIntConstOpnd IntConstType newOffset; if!IntConstMath::Addoffset, rightOpnd-AsIntConstOpnd-GetValue, &newOffset --- a offset...

Microsoft Edge Chakra: JIT - Lowerer::LowerBoundCheck Incorrect Integer Overflow Check

Microsoft Edge Chakra: JIT - Lowerer::LowerBoundCheck Incorrect Integer Overflow Check / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1343 Here's a snippet of the method. void Lowerer::LowerBoundCheckIR::Instr const instr ... ifrightOpnd-IsIntConstOpnd IntConstType newOffset;...