332 matches found
CVE-2017-16796
In SWFTools 0.9.2, the pngload function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file...
BSA-2017-274
Security Advisory ID : BSA-2017-274 Component : authfile.c in sshd in OpenSSH before 7.4 Revision : 3.0: Final authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by...
shopify-scripts: SIGABRT - mirb and mruby
PoC ------------------- The following code triggers the bug attached as test.rb: def method_missing(m,e) self.ff||=00 end e Debug - mirb ------------------- x@x:/Desktop/test/mruby/bin$ gdb -q ./mirb Reading symbols from ./mirb...done. (gdb) r test.rb Starting program: /home/x/Desktop/test/mruby/bin/mi...
shopify-scripts: SIGABRT in only mirb
PoC ------------------- The following code triggers the bug attached as test.rb: def to_str 00 end 0.times Debug - mirb ------------------- The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: /home/x/Desktop/test/mruby/bin/mirb test.rb mirb -...
ALPINE-CVE-2016-10011
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...
UBUNTU-CVE-2016-10011
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...
CURL-CVE-2016-8619 double free in krb5 code
In curl's implementation of the Kerberos authentication mechanism, the function read_data in security.c is used to fill the necessary krb5 structures. When reading one of the length fields from the socket, it fails to ensure that the length parameter passed to realloc is not set to 0. This would...
CVE-2016-6309
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session...
Wireshark - addresses_equal 'dissect_rsvp_common' Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=645 The following crash due to a use-after-free condition can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": Attached are three files...
Python 2.7 - 'array.fromstring' Method Use-After-Free
Title: Python 2.7 array.fromstring Use After Free Credit: John Leitch [email protected] Url1: http://autosectools.com/Page/Python-array-fromstring-Use-After-Free Url2: http://bugs.python.org/issue24613 Resolution: Fixed The Python 2.7 array.fromstring method suffers from a use after free caus...
Python 2.7 array.fromstring Use After Free Vulnerability
Python 2.7 array.fromstring method suffers from a use after free caused by unsafe realloc use. The issue is triggered when an array is concatenated to itself via fromstring call. Title: Python 2.7 array.fromstring Use After Free Credit: John Leitch email protected Url1:...
Python 2.7 array.fromstring Use After Free
Title: Python 2.7 array.fromstring Use After Free Credit: John Leitch [email protected] Url1: http://autosectools.com/Page/Python-array-fromstring-Use-After-Free Url2: http://bugs.python.org/issue24613 Resolution: Fixed The Python 2.7 array.fromstring method suffers from a use after free caus...
Amazon Linux: Security Advisory (ALAS-2011-7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
UBUNTU-CVE-2015-6242
The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote...
dislocate 1.3 - Local i386 Exploit
No description provided by source. / MasterSecuritY www.mastersecurity.fr dislocate.c - Local i386 exploit in v1.3 Secure Locate v2.3 Copyright (C) 2000 Michel MaXX Kaempf [email protected] Updated versions of this exploit and the corresponding advisory will be made available at:...
CVS 1.11.x Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10499/info CVS is prone to multiple vulnerabilities. The issues include a double free vulnerability, format string vulnerabilities, and integer overflows. There is also a null termination issue in the security patch for B...
sudo security, bug fix and enhancement update
1.8.6p3-12 - added patches for CVE-2013-1775 CVE-2013-2777 CVE-2013-2776 Resolves: rhbz#1015355 1.8.6p3-11 - sssd: fixed a bug in ipa_hostname processing Resolves: rhbz#853542 1.8.6p3-10 - sssd: fixed buffer size for the ipa_hostname value Resolves: rhbz#853542 1.8.6p3-9 - sssd: match against...
DEBIAN-CVE-2013-4371
Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash)...
Amazon Linux AMI : php (ALAS-2011-07)
The MITRE CVE database describes these CVEs as : Revert is_a behavior to php <= 5.3.6 and add a new option allow_string for the new behavior (accept string and raise autoload if needed) Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent...
OpenSSL 1.0.1 Memory Corruption
Exploit for multiple platform in category remote exploits Incorrect integer conversions in OpenSSL can result in memory corruption. -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing...