Heap overflow in the mbuf zone in the PPPoE driver, which the PS4/PS5 borrow from NetBSD. The issue is the fact that `pppoe_send_padr()` can calculate a packet length that exceeds `MCLBYTES` (2048 bytes)...
Couple of bugs originating in Solana's JIT: one an optimization issue, the other a bad instruction choice, both found through fuzzing.
Multiple memory corruption bugs in Accel-PPP, an open-source VPN server. These bugs all follow the same basic flawed logic: a length is read from an attacker-controlled buffer, and then that length of data is copied from the buffer into an awaiting structure...
Memory corruption, but only a denial of service comes out of it: a user-defined size is read and used in a calculation of the amount of bytes left to read. This can potentially lead to a buffer overflow, but only writing into unmapped memory rather than corrupting any useful targets.
Two integer overflows discovered in the NetUSB.ko kernel module for doing USB over IP. Both were in the `SoftwareBus_dispatchNormalEPMsgOut` function, which seems to be a dispatch routine of sorts for user-received data.
Memory corruption issue in CLFS. The issue comes down to the parsing of log blocks when loading log files from disk.
An uninitialized pointer is freed by providing a malformed IOCA file with a `size_Y` of zero. What happens normally is that there is an initialization routine that iterates from `size_Y` to 0...
With a FUSE (Filesystem in USErspace) filesystem there are two modes of IO: either the normal kernel page cache is used for handling read/write attempts, or, by setting `FOPEN_DIRECT_IO` in the open call, the read/write requests are sent directly to the userspace filesystem. In this mode the kernel will grab a reference to the userspace pages rather than copying them into kernel mode, and map those pages over to the FUSE process...
An uninitialized "Fast Tracker" in the Windows HTTP protocol stack as used by IIS. Despite providing a bit of a crash analysis and a PoC, the post is missing information about the vulnerability, as their primary focus was on building out the exploit.
Three-part blog series by Connor McGarr which covers exploiting a type confusion in Chakra-based Edge. Part 1 covers environment setup and the vulnerability, part 2 the core exploitation primitives, and part 3 porting the exploit to Edge and bypassing Edge mitigations.