7 matches found
CVE-2022-29694
Unicorn Engine vulnerable component: qemu_ram_free NULL pointer dereference in Unicorn Engine v2.0.0-rc7 and earlier. Impact: denial of service. Affected: Unicorn Engine (multi-platform CPU simulator) built on QEMU; root cause is dereferencing a null pointer in qemu_ram_free. Remediation: upgrade...
CVE-2022-29692
Unicorn Engine v1.0.3 contains a use-after-free vulnerability via its hook function. Multiple sources describe the issue in Unicorn Engine v1.0.3, with details identifying the vulnerability as a use-after-free conditioned on the hook function. The information available does not include a CVSS vec...
CVE-2022-29695
CVE-2022-29695 affects Unicorn Engine v2.0.0-rc7 and is caused by memory leaks from incomplete engine initialization. The vulnerability is documented across multiple sources in the connected set, including NVD and OSV records. Impact is described as memory leaks; remediation advised is upgrading ...
CVE-2022-29693
Summary (CVE-2022-29693) Unicorn Engine v2.0.0-rc7 and earlier is affected by a memory leak in the uc_close function implemented at /my/unicorn/uc.c. The issue has been documented across multiple sources (NVD/NVD variants, Snyk) as a memory leak vulnerability, with the reported impact being a par...
CVE-2021-44078
CVE-2021-44078 affects Unicorn Engine prior to 2.0.0-rc5. The issue is in the split_region path of uc.c (virtual memory manager) where a faulty comparison of GVA and GPA during uc_mem_map_ptr frees part of a claimed memory block, enabling a local attacker to escape the sandbox and execute arbitra...
CVE-2021-36979
CVE-2021-36979 affects Unicorn Engine 1.0.2, with an out-of-bounds write in tb_flush_armeb (invoked via cpu_arm_exec_armeb and tcg_cpu_exec_armeb). The flaw is rooted in the ARM EB path of the emulator; exploitation is local and can impact availability. NVD reports a base score of 5.5 (CVSS 3.1) ...
CVE-2020-36431
CVE-2020-36431 affects Unicorn Engine 1.0.2 and is due to an out-of-bounds write in the helper_wfe_arm function. The available data from connected documents indicate an exploit-relevant impact limited to availability (CVSS v3.1: 5.5, MEDIUM; vector: LOCAL, low privileges required, no user interac...