1307 matches found
Microsoft Windows - 'win32k!NtGdiExtGetObjectW' Kernel Stack Memory Disclosure
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the win32k!NtGdiExtGetObjectW system call accessible via a documented GetObject API function to user-mo...
Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Stack Memory Disclosure
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1179 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7-10 through the win32k!NtGdiGetOutlineTextMetricsInternalW system call. The system call...
OpenBSD 'qsort()' Function Denial of Service Vulnerability
OpenBSD is a BSD-based UNIX-like operating system. A security vulnerability in the OpenBSD 'qsort' function allows an attacker to exploit the vulnerability to submit a special request, consume stack memory resources, and conduct a denial of service attack...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
glibc: heap/stack gap jumping via unbounded stack allocations
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...
kernel: heap/stack gap jumping via unbounded stack allocations
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...
kernel: heap/stack gap jumping via unbounded stack allocations
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2017-1000375
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions...
CVE-2017-1000378
The NetBSD qsort function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in...
Code injection
The OpenBSD qsort function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in...
Code injection
The NetBSD qsort function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in...
CVE-2017-1000373
The OpenBSD qsort function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in...
CVE-2017-1000373
The OpenBSD qsort function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in...
CVE-2017-1000366
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...
CVE-2017-4903
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8...
CVE-2017-4903
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8...
Microsoft Windows 7 Kernel - win32k!xxxClientLpkDrawTextEx Stack Memory Disclosure
Microsoft Windows 7 Kernel - win32k!xxxClientLpkDrawTextEx Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1182 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 other...
Microsoft Windows 7 Kernel - 'win32k!xxxClientLpkDrawTextEx' Stack Memory Disclosure
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1182 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 other platforms untested indirectly through the win32k!NtUserCreateWindowEx system call...
Windows Kernel stack memory disclosure in win32kfull!SfnINLPUAHDRAWMENUITEM (CVE-2017-0167)
We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 10 indirectly through the win32k! NtUserPaintMenuBar system call, or more specifically, through the user32! fnINLPUAHDRAWMENUITEM user-mode callback 107 on Windows...