
Files from Google Security Research

First Active: 2000-02-18
Last Active: 2020-08-04
c-ares 1.16.0 Use-After-Free
Posted Aug 4, 2020
Authored by Jann Horn, Google Security Research

c-ares version 1.16.0 has an issue where ares_destroy() with pending ares_getaddrinfo() leads to a use-after-free condition.

tags | advisory
MD5 | 1464ba2a11ec60f5b9714b8e26693d59
iOS Page Protection Layer (PPL) Bypass
Posted Jul 31, 2020
Authored by Google Security Research, bazad

iOS suffers from a Page Protection Layer (PPL) bypass due to incorrect argument verification in pmap_protect_options_internal() and pmap_remove_options_internal().

tags | exploit
systems | ios
advisories | CVE-2020-9909
MD5 | 880d5a7841d44d213ff1f1ca340b8776
WebRTC usrsctp Incorrect Call
Posted Jul 31, 2020
Authored by Google Security Research

When usrsctp is used with a custom transport, an address must be provided to usrsctp_conninput to be used as the source and destination address of the incoming packet. WebRTC uses the address of the SctpTransport instance for this value. Unfortunately, this value is often transmitted to the peer, for example to validate signing of the cookie. This could allow an attacker to learn the location in memory of the peer's SctpTransport, bypassing ASLR.

tags | advisory
advisories | CVE-2020-6514
MD5 | 6a5a0cbe8a76c5e374b2d723099f60cd
usrsctp Stack Buffer Overflow
Posted Jul 20, 2020
Authored by Google Security Research, natashenka

There is a stack buffer overflow in usrsctp when a server processes a skipped auth block from an incoming connection. Proof of concept exploit included.

tags | exploit, overflow, proof of concept
advisories | CVE-2020-6831
MD5 | f695f6ee0ee2bf74c0b85f014497b37f
VMware ESXi Use-After-Free / Out-Of-Bounds Access
Posted Jul 17, 2020
Authored by Google Security Research, Cfir Cohen

Several security issues have been identified in the VMware ESXi virtual machine monitor (VMM): a use-after-free (UAF) vulnerability in PVNVRAM, a missing return value check in the EHCI USB controller leading to private heap information disclosure, and several out-of-bounds reads.

tags | advisory, info disclosure
advisories | CVE-2020-3960, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965
MD5 | d2417f8af8ebed99ebd6fdfff7a2c153
iOS / macOS Wifi Proximity Kernel Double-Free
Posted Jun 25, 2020
Authored by Google Security Research, ianbeer

iOS and macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering.

tags | exploit, kernel
systems | ios
advisories | CVE-2020-3843, CVE-2020-9844
MD5 | cdd1c47241bd866a69b6c59cc0b23828
Node.js Hostname Verification Bypass
Posted Jun 3, 2020
Authored by FX, Google Security Research

Insecure TLS session reuse can lead to a hostname verification bypass in Node.js.

tags | exploit
MD5 | 9bde5356a44eb307d096d404cbcdc1d0
JSC JIT Out-Of-Bounds Access
Posted Jun 3, 2020
Authored by saelo, Google Security Research

The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations (and vice versa) during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds accesses and potentially other memory safety violations.

tags | exploit
advisories | CVE-2020-9802
MD5 | 0b1a6974a8c2118b0cb88077ae99fe29
Avast Array.prototype.toString Out-Of-Bounds Copy
Posted Jun 1, 2020
Authored by Tavis Ormandy, Google Security Research

Avast suffers from an out-of-bounds copy vulnerability in Array.prototype.toString.

tags | exploit
MD5 | 59b15e0413a1cb080644249586af9699
Firefox Default Content Process DACL Sandbox Escape
Posted May 28, 2020
Authored by James Forshaw, Google Security Research

The Firefox content processes do not sufficiently lock down their access control (DACL), which can result in a sandbox escape.

tags | exploit
advisories | CVE-2020-12388
MD5 | 1b90a8f7ec30889bdb9321cdf60bc14e
SecureCRT Memory Corruption
Posted May 15, 2020
Authored by Tavis Ormandy, Google Security Research

SecureCRT suffers from a memory corruption vulnerability in CSI functions.

tags | exploit
advisories | CVE-2020-12651
MD5 | e90a6d22c2cdbe99b5796b3c3e382581
Adobe DNG SDK Memory Corruption
Posted May 12, 2020
Authored by Google Security Research, mjurczyk

Adobe DNG SDK suffers from memory corruption and other crashes caused by malformed .dng images.

tags | exploit
MD5 | 8765bb50cd9ee3abccbc2fb01d8b87fe
Adobe DNG SDK dng_lossless_decoder::DecodeImage Out-Of-Bounds Read
Posted May 12, 2020
Authored by Google Security Research, mjurczyk

Adobe DNG SDK suffers from an out-of-bounds read that can lead to an arbitrary write vulnerability in dng_lossless_decoder::DecodeImage.

tags | exploit, arbitrary
MD5 | a7f302c6df4c350ca29113200164e83b
Chrome Typer::Visitor::TypeInductionVariablePhi Type Inference
Posted May 12, 2020
Authored by Google Security Research, Glazvunov, Tim Willis

Chrome suffers from a Typer::Visitor::TypeInductionVariablePhi type inference issue.

tags | exploit
MD5 | 293e69e50741f8cbad5283dac07b0c15
Linux 5.6 IORING_OP_MADVISE Race Condition
Posted May 8, 2020
Authored by Jann Horn, Google Security Research

Linux 5.6 has an issue with IORING_OP_MADVISE racing with coredumping.

tags | exploit
systems | linux
MD5 | 48173960a553b8ac2d2d1b4706631456
Linux futex+VFS Use-After-Free
Posted May 8, 2020
Authored by Jann Horn, Google Security Research

Linux futex+VFS suffers from an improper inode reference in get_futex_key() that causes a use-after-free if the superblock goes away.

tags | exploit
systems | linux
MD5 | b10f0f2bf1162cf416ade38ced936f86
Samsung Android Remote Code Execution
Posted May 8, 2020
Authored by Google Security Research, mjurczyk

Samsung Android suffers from multiple interaction-less remote code execution vulnerabilities as well as other remote access issues in the Qmage image codec built into Skia.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2020-8899
MD5 | 3f9f4d5bfc619d4b462f0ef931e31a05
Firefox js::ReadableStreamCloseInternal Out-Of-Bounds Access
Posted May 1, 2020
Authored by Google Security Research, Glazvunov

Firefox suffers from an out-of-bounds access vulnerability in js::ReadableStreamCloseInternal.

tags | exploit
advisories | CVE-2020-6806
MD5 | e4939c663c04ebd98c353cdec851448a
Chrome ReadableStream::Close Out-Of-Bounds Access
Posted Apr 28, 2020
Authored by Google Security Research, Glazvunov

Chrome suffers from an out-of-bounds access vulnerability in ReadableStream::Close.

tags | exploit
advisories | CVE-2020-6390
MD5 | 4c46f95d1539b549419377053d9c4c19
WebKit AudioArray::allocate Data Race / Out-Of-Bounds Access
Posted Apr 23, 2020
Authored by Google Security Research, Glazvunov

WebKit has a data race condition in AudioArray::allocate that can lead to out-of-bounds access.

tags | exploit
advisories | CVE-2020-3894
MD5 | c2a83f90664d44d8317ce95d7a23c445
WebRTC Layer Info Out-Of-Bounds Write
Posted Apr 23, 2020
Authored by Google Security Research, natashenka

WebRTC suffers from an out-of-bounds memory write in the method RtpFrameReferenceFinder::UpdateLayerInfoH264. This occurs when updating the layer info with the frame marking extension.

tags | exploit
MD5 | 8491bafa68aebbbeaeec3108e1ccc8fa
Chrome AudioArray::Allocate Data Race / Out-Of-Bounds Access
Posted Apr 23, 2020
Authored by Google Security Research, Glazvunov

Chrome suffers from an issue where a data race in AudioArray::Allocate can lead to out-of-bounds access.

tags | exploit
advisories | CVE-2020-6388
MD5 | 4fdac360982c541290848cba88dc91c7
WebRTC FEC Extension Processing Out-Of-Bounds Write
Posted Apr 23, 2020
Authored by Google Security Research, natashenka

When WebRTC processes a packet using FEC, it does not adequately check bounds when zeroing the video timing extension.

tags | exploit
MD5 | e7646bc10c00f9249d8d1cbc7ec9e677
haproxy hpack-tbl.c Out-Of-Bounds Write
Posted Apr 21, 2020
Authored by FX, Google Security Research

The haproxy hpack implementation in hpack-tbl.c handles 0-length HTTP headers incorrectly. This can lead to a fully controlled relative out-of-bounds write when processing a malicious HTTP2 request (or response).

tags | exploit, web
advisories | CVE-2020-11100
MD5 | ec4200ed138e11159b83e1a1d18ff6d3
Git Credential Helper Protocol Newline Injection
Posted Apr 15, 2020
Authored by FX, Google Security Research

A git clone action can leak cached / stored credentials for github.com to example.com due to insecure handling of newlines in the credential helper protocol.

tags | exploit, protocol
advisories | CVE-2020-5260
MD5 | c958ad3ac0a7a989d1f7f2c9f24fadb6
packet storm

© 2020 Packet Storm. All rights reserved.