Multiple vulnerabilities were announced in Git, the most interesting to me though are the integer overflows in parsing `.gitattributes` leading to out-of-bounds reads and writes.
Straight-forward issue, but kinda fun as it impacts the network code in several first-part Nintendo games across multiple consoles (3DS, Wii U, Switch).The `NetworkBuffer` in the network library has two methods `Add` and `Set` which are used to fill the backing buffer with data from the network...
Off-by-one issue as the bounds check `if (written_out > max_out)` will continue for one extra iteration after it has written `max_out` number of integers.
An integer overflow in SQLite's `sqlite3_str_vappendf`, large inputs when dealing with `q` `Q` or `w` format specifiers (unique to SQLite's implementation of `printf` used to escape quotes).In calculating the maximum buffer once escapes have been added the size may overflow to a negative value leading to SQLite using a 70byte (by default) stack allocated buffer...
An integer overflow in the official SHA-3 implementation as used by PHP, Python, Ruby and I'm sure other places.When updating a block that already has some data in it, it will try to calculate if the new partial block bytes will go out of bounds, it makes the classic mistake of adding the current index and the length of new data, then just checking if it is lower than a bounding value...
The core issue is the use of MAP_FIXED flag with mmap.Basically `pthread_allocate_stack` for every thread it creates, starting its mapping a new `STACK_SIZE` memory segment to a fixed address (calculated relative to `THREAD_STACK_START_ADDRESS` and the number of threads already allocated)...