Vulnerabilities tagged "background"

FORCEDENTRY: Sandbox Escape

Follow-up to the December post which covered an int overflow in the CoreGraphics PDF parser for the JBIG2 image format, which implemented a weird machine / mini architecture to execute code. This post covers the sandbox escape that was chained with it, which unlike the first bug, is a logic issue rather than a memory corruption.
 

Exploitation of an OOB Write in Netfilter [CVE-2022-25636]

We have [previously](https://dayzerosec.com/vulns/2022/03/02/linux-kernel-heap-out-of-bounds-write-in-nfdupnetdevc-since-54.html) covered this bug, its an out-of-bounds access due to a broken assumption in every `dup` command having an associated immediate. When that assumption is broken by manually crafting netfilter rules `nft_fwd_dup_netdev_offload` function will perform an out of bounds access as it increments too far.
 
1
2
3
4
5
6