Exploit for Out-of-bounds Write in Apple Macos

CVE-2021-30853 A simple POC script to test for CVE-2021-30657...

FreeBSD Buffer Overflow Vulnerability (CNVD-2020-38773)

FreeBSD is a type of UNIX operating system, an important branch of Unix that evolved from BSD, 386BSD and 4.4BSD. FreeBSD suffers from a posixspawnp buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

FreeBSD : FreeBSD -- posix_spawnp(3) buffer overflow (f8b46415-c264-11ea-8659-901b0ef719ab)

posixspawnp spawns a new thread with a limited stack allocated on the heap before delegating to execvp for the final execution within that thread. execvp would previously make unbounded allocations on the stack, directly proportional to the length of the user-controlled PATH environment variable...

CVE-2020-7458

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posixspawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution...

Heap overflow

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posixspawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution...

CVE-2020-7458

CVE-2020-7458 affects FreeBSD: long values in the user-controlled PATH env variable can cause posix_spawnp to write beyond the end of the heap-allocated stack, potentially leading to arbitrary code execution. Affected: FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEA...

CVE-2020-7458

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posixspawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution...

FreeBSD -- posix_spawnp(3) buffer overflow

Problem Description: posixspawnp spawns a new thread with a limited stack allocated on the heap before delegating to execvp for the final execution within that thread. execvp would previously make unbounded allocations on the stack, directly proportional to the length of the user-controlled PATH...

FreeBSD-SA-20:18.posix_spawnp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:18.posixspawnp Security Advisory The FreeBSD Project Topic: posixspawnp3 buffer overflow Category: core Module: libc Announced: 2020-07-08 Credits: Andrew...