Vulnerabilities tagged "exploit strategy"

First a bit of background terminology as I understand it. Not being familiar with v8 there are likely some subtleties I am missing.

Straight forward version is two Out-Of-Bounds accesses in reading and writing the `Driver feature set`. A guest provided value is stored, and then used as an array index without any validation both in `PciVirtIOWriteMM` and in `PciVirtIOReadMM` giving relative read/write primitives.

Its hard to even call this one a vulnerability, the driver developers simply expose some kernel primitives directly to userland, nothing crazy needed.The driver supporting HP OMEN Gaming Hub software directly exposes several privileged instructions through IOCTLs...

Straightforward use-after-free in libcurl when processing MQTTs.The `mqtt_doing()` routine will attempt to send any remainder of outgoing packet data using the `mq->sendleftovers` pointer, freeing that pointer, but then never clearing the reference...

Synaktiv ended up investigating the Western Digital Pro PR4100 when looking at the target list for pwn2own tokyo 2020.When looking at this device, they took particular interest in the webserver, and reversed the cgi-bin that implemented it...

Plenty of background here, both in terms of software, architecture, and testing environment.Probably worth checking out if you want to get into car hacking...

Interesting post that covers a bit about the meta of bug-hunting in Source Engine games and some how-to information. There are two OOB read vulnerabilities used in the chain.

Two vulnerabilities, both in ConnMann a root service for managing network connections, a stack-based overflow and a stack leak.

Base issue is that when handling a file upload (two locations do this) the buffer is allocated based on Content-Length, but the memcpy is based on the actual payload length. Creating a heap overflow.

Porting of a V8 nday to Tesla Model 3.The vuln is older (from 2020) and is a turbofan optimizer based bug...