Vulnerabilities tagged 'binary'

Two null dereferences and a Heap-based Overflow in Radare2

The two null dereferences are pretty straightforward instances. In the first, when an error happens early on, a buffer is never assigned a value after the initial NULL assignment. In generic error handling code, it gets dereferenced on the assumption that the error happened after it had been set up…


Capability Check Bypass in Fuchsia OS

The majority of this post goes into background on Fuchsia and exploiting a fake vulnerability, though there was one novel vulnerability that the author came across. To obtain a KASLR bypass, the author thought to try to gain access to the kernel log for any pointers that might be leaked…


Use-After-Free in Python 2.7+

Taking an unexpected reference to a memoryview object results in a use-after-free when the parent of said object is destroyed. This is a rather low-impact bug, though, because it requires control over the code being executed, so one could just write an os.system(...) call or something similar…


[PlayStation] Remote kernel heap overflow

Heap overflow in the mbuf zone in the PPPoE driver, which the PS4/PS5 borrow from NetBSD. The issue is that pppoe_send_padr() can calculate a packet length that exceeds MCLBYTES (2048 bytes)…