CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability
Rather subtle bug in the ASN.1 parsing state machine that comes down to one area of code being unaware of an edge case in another.
Slight race condition in the Pritunl VPN client leading to a semi-controlled file write as SYSTEM, which could be leveraged into code execution as SYSTEM.
Somewhat traditional CE.TE request smuggling attack on a few of Apple’s domains. The main trick with this one was to place a \n in the Transfer-Encoding header name…
Server-Side Request Forgery with both server-side and client-side impacts.
Cool little trick against the NodeBB OAuth flow resulting in a CSRF that would associate an attacker's third-party account with a victim NodeBB account.
tl;dr Two CVEs, one an integer overflow due to incorrectly assuming the compiler would optimize an enum into a single byte, and the other some uninitialized kernel stack variables that could be exposed to userspace.
Follow-up to the December post which covered an int overflow in the CoreGraphics PDF parser for the JBIG2 image format, which implemented a weird machine / mini architecture to execute code. This post covers the sandbox escape that was chained with it, which unlike the first bug, is a logic issue rather than a memory corruption.
The title says it all: CSRF protection was disabled for a period of time on Stripe’s Dashboard. As the most sensitive actions required reentering the user’s password or solving a captcha, the damage was limited, but you could still change various account settings…
Sometimes vulnerabilities come from trying to be too generic and handle all the possibilities; this is one of those situations. What you have is the Spring Framework letting users write simple Java classes with fields, getters/setters and setting those up as models for a particular endpoint…
Weak entropy in a password reset token, and an archive escape using symlinks to achieve code execution.