There is an out-of-bounds access that arises from a mismatch between how the Huffman tables are parsed and how they are later used. While parsing the table, the function ensures that each identifier can only be between 0 and 3...
A secure boot bypass that exploits an issue reachable before the boot image has been verified.
A remotely reachable stack-based buffer overflow in the Linux kernel's TIPC module, caused by a missing bounds check in an edge case.
The first issue is an incorrect computation in Go code affecting `go-ethereum`. It's an interesting case, because a bad computation might lead to some issues but usually isn't a security issue...
Trusting extended attributes and using them to calculate an offset, leading to out-of-bounds read/write primitives; presumably exploitable, since these were used at Pwn2Own. The `fruit_pread` function reads the `org.netatalk.Metadata` extended attribute, which an unauthenticated user can set...
A cool bug in H2O's QUIC implementation leading to disclosure of uninitialized memory. Stream data in HTTP/3 arrives in an encoding similar to chunked encoding, with each frame carrying an offset into the stream, the data size and the data itself...
Once again, the use of user-mode callbacks in the Windows kernel enabled an attacker to change the type of an object unexpectedly, leading to a type confusion.
This was an interesting data-based attack, all because it was assumed there would be arguments in `argv`. A for-loop starts with `n=1`, looping until `n < argc`...
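The `argv` edge case the entry above describes, as an added example that is not code from the original page or from the affected project. A process can be started with `argc == 0`, in which case `argv[0]` is the NULL terminator and whatever follows it in memory (on a typical stack layout, the environment block) sits at `argv[1]`. The memory layout below is constructed by hand to emulate that; the option-scanning loop shape and the hardened check are this example's own, not the project's code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed memory layout of a process started with argc == 0: the argv
 * array holds only its NULL terminator, and the environment strings are laid
 * out directly after it, as the process start-up code would place them.
 * Indexing argv[1] from this array therefore lands on envp[0].
 */
static char *argc_zero_block[] = {
    NULL,                              /* argv[0]: NULL, because argc == 0 */
    "PATH=/tmp/attacker-controlled",   /* envp[0]: the slot after argv's NULL */
    NULL,                              /* envp terminator */
};

/* Constructed: an ordinary invocation, argc == 3. */
static char *normal_argv[] = { "prog", "-v", "file.txt", NULL };

/*
 * Mirrors the loop shape in the entry: start at n = 1 (assuming argv[0] is
 * the program name), skip options, then use argv[n] as the first positional
 * argument. With argc == 0 the loop body never runs, n stays 1, and argv[1]
 * is read one slot past the NULL terminator, i.e. outside the argument array.
 */
const char *first_arg_unchecked(int argc, char **argv)
{
    int n;
    for (n = 1; n < argc; n++) {
        if (argv[n][0] != '-')
            break;
    }
    return argv[n];   /* out of bounds when argc == 0 */
}

/*
 * Hardened form: refuse to run without a program name, and never index past
 * argc. Returns NULL when there is no positional argument.
 */
const char *first_arg_checked(int argc, char **argv)
{
    int n;
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return NULL;
    for (n = 1; n < argc; n++) {
        if (argv[n][0] != '-')
            break;
    }
    return (n < argc) ? argv[n] : NULL;
}

int main(void)
{
    const char *leaked = first_arg_unchecked(0, argc_zero_block);
    printf("unchecked, argc=0: %s\n", leaked ? leaked : "(null)");
    printf("checked,   argc=0: %s\n",
           first_arg_checked(0, argc_zero_block) ? "got a value" : "(null)");
    printf("checked,   argc=3: %s\n", first_arg_checked(3, normal_argv));
    return 0;
}
```

The unchecked version returns the environment string for the `argc == 0` case because nothing ever validated that `argv[0]` exists; in a real process that slot is attacker-influenced, which is what turns a harmless-looking loop into a data-driven primitive. The check on `argc` before the loop, plus clamping the final index to `argc`, removes both the read past the array and the assumption that the first element is the program name.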
Two vulnerabilities in Zoom: a buffer overflow that affected Multi-Media Router (MMR) servers and clients, and an infoleak that only affected MMR servers. Both issues were found in various `load_from()` methods of serialization classes used in the Real-time Transport Protocol (RTP) handling for audio/video content.
Use-after-free in XNU's `ipc_port` subsystem, specifically in the `ipc_port_copy_send()` function. This function makes a copy of a send right for an IPC port, and attempts to account for a bunch of edge cases in the port's state...