23 matches found
A look at an Android ITW DNG exploit
Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. Investigation of these images show...
EUVD-2023-25534
Malicious code in bioql PyPI...
EUVD-2023-25535
Malicious code in bioql PyPI...
NanoTag: Systems Support for Efficient Byte-Granular Overflow Detection on ARM MTE
Memory safety bugs, such as buffer overflows and use-after-frees, are the leading causes of software safety issues in production. Software-based approaches, e.g., Address Sanitizer ASAN, can detect such bugs with high precision, but with prohibitively high overhead. ARM's Memory Tagging Extension...
MAL-2025-8499 Malicious code in @malware-test-bikes-color-scudo-sapor/test-mlw3-bikes-color-scudo-sapor (npm)
The package @malware-test-bikes-color-scudo-sapor/test-mlw3-bikes-color-scudo-sapor was found to contain malicious code...
CVE-2023-21366
In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Google Android Information Disclosure Vulnerability (CNVD-2024-02706)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability, which is caused by an insecure implementation/design in Scudo. An attacker can exploit this vulnerability to obtain sensitive information...
Google Android Information Disclosure Vulnerability (CNVD-2024-02711)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability, which is caused by an insecure implementation/design in Scudo. An attacker can exploit this vulnerability to obtain sensitive information...
CVE-2023-21367
In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21367
In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21366
In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21366
In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Heap overflow
In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Heap overflow
In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21367
CVE-2023-21367 concerns the Android Scudo memory allocator. The connected documents confirm a heap OOB read/write due to an insecure implementation/design, enabling local information disclosure without extra execution privileges and with no user interaction required. The Android 14 security relea...
CVE-2023-21367
In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21367
In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21366
Technical details (affected products, exact vulnerable component, versions, exploit specifics) are not publicly available in the provided Connected documents for CVE-2023-21366. Monitor for updates.
CVE-2023-21366
In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21366
In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...