Show Notes

168 - Exploiting Undefined Behavior and a Chrome UAF

00:00:52
Spot the Vuln - The Right Start
00:03:25
Look out! Divergent representations are everywhere!

No specific issue here just talking about what divergent representations are.

A divergent representation occurs when a compiler applies program optimizations that cause a single source variable to be represented with different semantics in the output program.

Or in a more concrete sense where:

int index_of(char *buf, char target) {
    int i;
    for (i=0; buf[i] != target; i++) {}
    return i;
}
/* ... */
buf[index_of(buf, target)] == target

Where the condition can be false because of having divergent representations of i in index of. Which is what happens when compiled wiht -O1 and above.

00:12:18
Chrome: heap-use-after-free in password_manager::WellKnownChangePasswordState::SetChangePasswordResponseCode
00:17:34
Netgear Nighthawk r7000p aws_json Unauthenticated Double Stack Overflow Vulnerability
00:23:52
A validation flaw in Netfilter leading to Local Privilege Escalation [CVE-2022-1015]
00:25:03
Windows Kernel multiple memory corruption issues when operating on very long registry paths
Additional Links: https://bugs.chromium.org/p/project-zero/issues/detail?id=2332 https://bugs.chromium.org/p/project-zero/issues/detail?id=2344