152 matches found
Out-of-bounds
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0...
CVE-2020-0033
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0...
Apple macOS 10.14.5 iOS 12.3 XNU - in6_pcbdetach Stale Pointer Use-After-Free
Apple macOS 10.14.5 iOS 12.3 XNU - in6_pcbdetach Stale Pointer Use-After-Free Reproduction Repros on 10.14.3 when run as root. It may need multiple tries to trigger. $ clang -o in6selectsrc in6selectsrc.cc $ while 1; do sudo ./in6selectsrc; done res0: 3 res1: 0 res1.5: -1 // failure expected here...
macOS < 10.14.5 / iOS < 12.3 XNU - in6_pcbdetach Stale Pointer Use-After-Free Exploit
macOS (so->so_flags & SOF_PCBCLEARING)) { struct ip_moptions *imo; struct ip6_moptions *im6o; inp->inp_vflag = 0; if (inp->in6p_options != NULL) { m_freem(inp->in6p_options); inp->in6p_options = NULL; } // in6p_outputopts; // in6p_route; /* free IPv4 related resources in case of mapped addr */ if (inp->inp_options != NULL) { (void)...
XNU Stale Pointer Use-After-Free
XNU: Use-after-free due to stale pointer left by in6_pcbdetach. Related CVE Numbers: CVE-2019-8605. Fixed: 2019-May-13. Reproduction Repros on 10.14.3 when run as root. It may need multiple tries to trigger. $ clang -o in6selectsrc in6selectsrc.cc $ while 1; do sudo ./in6selectsrc; done res0: 3 res1: ...
Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Reproduction Repros on 10.14.3 when run as root. It may need multiple tries to trigger. $ clang -o in6selectsrc in6selectsrc.cc $ while 1; do sudo ./in6selectsrc; done res0: 3 res1: 0 res1.5: -1 // failure expected here res2: 0 done ... crash Explanation The following snippet is taken from...
Adobe Flash GradientFill - Use-After-Frees
Source: https://code.google.com/p/google-security-research/issues/detail?id=557 There are a number of use-after-free vulnerabilities in MovieClip.beginGradientFill. If the spreadMethod or any other string parameter is an object with toString defined, this method can free the MovieClip, which is...
Null pointer dereference
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."...
CVE-2011-1793
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."...
VUPEN Security Research - Google Chrome WebKit Engine Child Tag Deletion Stale Pointer Vulnerability
VUPEN Security Research - Google Chrome WebKit Engine Child Tag Deletion Stale Pointer Vulnerability Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Google Chrome is a web browser developed by Google that uses the WebKit...
Google Chrome WebKit Engine Ruby Tag Stale Pointer
No description provided by source. VUPEN Security Research - Google Chrome WebKit Engine Ruby Tag Stale Pointer Vulnerability Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Google Chrome is a web browser developed by...
Debian DSA-2307-1 : chromium-browser - several vulnerabilities
Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-2818 Use-after-free vulnerability in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified oth...
Google Chrome < 13.0.782.107 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is earlier than 13.0.782.107. As such, it is potentially affected by several vulnerabilities : - An unspecified error exists related to extension installation and confirmation dialogs. Issue 75821 - A stale pointer issue exists related to...
CVE-2011-2359
Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."...
CVE-2011-2359
Removed by vendor...
Google Fixes 30 Bugs in Chrome, Pays $17K in Bounties
Google has fixed 30 bugs in version 13.0.782.107, the latest build of its Chrome browser, pushed to the stable channel for Windows, Mac and Linux today. 14 of the bugs are deemed high-risk, including cross-origin script injection, HTML range handling and URI handling issues. Nine of the bugs are...
Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Debian DSA-2245-1 : chromium-browser - several vulnerabilities
Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-1292 Use-after-free vulnerability in the frame-loader implementation in Google Chrome allows remote attackers to cause a denial of servi...
CVE-2011-1813
Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."...