exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 1,855 RSS Feed

Files from Google Security Research

First Active2000-02-18
Last Active2024-03-18
dav1d Integer Overflow / Out-Of-Bounds Write
Posted Mar 18, 2024
Authored by Ivan Fratric, Google Security Research, Nick Galloway

There is an integer overflow in dav1d when decoding an AV1 video with large width/height. The integer overflow may result in an out-of-bounds write.

tags | exploit, overflow
advisories | CVE-2024-1580
SHA-256 | 258b775b05e2d4378551ee4e66e5c90a5df4e7d9ef5dc5c37abec0ba66db8a8e
Telegram For Android Connection::onReceivedData Use-After-Free
Posted Feb 28, 2024
Authored by Google Security Research, Mark Brand

In the tgnet library used in Telegram messenger for Android, there is a use-after-free vulnerability in Connection::onReceivedData that can be triggered remotely.

tags | exploit
SHA-256 | bca6a67a76c752f1ecdcd8907312e1eb9daa4808f56fcf845f91420c4d98f5d4
Chrome chrome.pageCapture.saveAsMHTML() Extension API Blocked Origin Bypass
Posted Feb 19, 2024
Authored by Jann Horn, Google Security Research

Chrome has an issue where the chrome.pageCapture.saveAsMHTML() extension API can be used on blocked origins due to a racy access check.

tags | exploit
advisories | CVE-2024-0811
SHA-256 | c081d9b3a89b0a80ccfbb9fc08c3373284b83957b305d8759f551dfbed038c66
MediaTek WLAN Driver Memory Corruption
Posted Feb 8, 2024
Authored by Google Security Research, Seth Jenkins

The MediaTek WLAN driver has VFS read handlers that do not check buffer size leading to userland memory corruption.

tags | exploit
SHA-256 | e02f5b1f1d435ca3340b9ddef6433031cb241ad315800f041e8e425d3ac596dd
Chrome content::NavigationURLLoaderImpl::FallbackToNonInterceptedRequest Heap Use-After-Free
Posted Jan 26, 2024
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap use-after-free vulnerability in content::NavigationURLLoaderImpl::FallbackToNonInterceptedRequest.

tags | exploit
advisories | CVE-2023-6112
SHA-256 | 5991378cd81b0bd15e90459d13e7396782910b67862cf292906e095dca2e9175
Linux 5.6 io_uring Cred Refcount Overflow
Posted Jan 19, 2024
Authored by Jann Horn, Google Security Research

Linux versions 5.6 and above appear to suffer from a cred refcount overflow when handling approximately 39 gigabytes of memory usage via io_uring.

tags | exploit, overflow
systems | linux
SHA-256 | eb6cd67301b0a3753b8bd45f998819605fcd09521aac98683535cba1e70af180
macOS AppleVADriver Out-Of-Bounds Write
Posted Jan 12, 2024
Authored by Ivan Fratric, Google Security Research

macOS suffers from an out-of-bounds write vulnerability in AppleVADriver when decoding mpeg2 videos.

tags | exploit
advisories | CVE-2023-42882
SHA-256 | a755a34876f36a8a24fb4024eeda524426d61439be93ad37d2aa3f187ed43ce5
macOS AppleGVA Memory Handling
Posted Jan 12, 2024
Authored by Ivan Fratric, Google Security Research

On Intel macOS, HEVC video decoding is performed in the AppleGVA module. Using fuzzing, researchers identified multiple issues in this decoder. The issues range from out-of-bounds writes, out-of-bounds reads and, in one case, free() on an invalid address. All of the issues were reproduced on macOS Ventura 13.6 running on a 2018 Mac mini (Intel based).

tags | exploit
advisories | CVE-2023-42926
SHA-256 | ed851479d112d861e65e1f2c3cbdcfb9751f8aafbae00aece5139de5128c88b0
Linux 4.20 KTLS Read-Only Write
Posted Jan 12, 2024
Authored by Jann Horn, Google Security Research

Linux versions 4.20 and above have an issue where ktls writes into spliced readonly pages.

tags | exploit
systems | linux
advisories | CVE-2022-0847
SHA-256 | c8a387c3d377fb9915457e6c2add6c04bc585011d822e7f419d1a632b108342d
Linux Broken Unix GC Interaction Use-After-Free
Posted Jan 12, 2024
Authored by Jann Horn, Google Security Research

Linux suffers from an io_uring use-after-free vulnerability due to broken unix GC interaction.

tags | exploit
systems | linux, unix
advisories | CVE-2022-2602, CVE-2023-6531
SHA-256 | f69e0977a025727662a99855b4620c72daf61a181fc942af121b5a2aba667456
Microsoft Windows Registry Predefined Keys Privilege Escalation
Posted Jan 11, 2024
Authored by Google Security Research, mjurczyk

Predefined keys in the Microsoft Windows Registry may lead to confused deputy problems and local privilege escalation.

tags | exploit, local, registry
systems | windows
advisories | CVE-2023-35356, CVE-2023-35633
SHA-256 | a4c3435d9c5e52f576c70ff4db3da2de108e219bbd349f1ce79de1a81c042945
Linux 6.4 io_uring Use-After-Free
Posted Jan 8, 2024
Authored by Jann Horn, Google Security Research

Linux versions 6.4 and above suffer from an io_uring page use-after-free vulnerability via buffer ring mmap.

tags | exploit
systems | linux
SHA-256 | bdd56a2cf8ae5ffb5b1e0cf855da69a640ead67ed0ab5559b57abc88c22cd6f9
io_uring __io_uaddr_map() Dangerous Multi-Page Handling
Posted Jan 8, 2024
Authored by Jann Horn, Google Security Research

__io_uaddr_map() in io_uring suffers from dangerous handling of the multi-page region.

tags | exploit
advisories | CVE-2023-6560
SHA-256 | 36027428c2c544777c9a58e5240c8a00ac64b96a28b3c1c2a02ca9c040ca0b42
Microsoft Windows Kernel Information Disclosure
Posted Jan 3, 2024
Authored by Google Security Research, mjurczyk

Any unprivileged, local user in Microsoft Windows can disclose whether a specific file, directory or registry key exists in the system or not, even if they do not have the open right to it or enumerate right to its parent.

tags | exploit, local, registry
systems | windows
SHA-256 | eba081f5682137a596749db83d8591dfa5e5d9dffadba5ca011381bdd72018c4
Chrome BindTextSuggestionHostForFrame Type Confusion
Posted Jan 3, 2024
Authored by Google Security Research, Mark Brand

Chrome suffers from a type confusion vulnerability in BindTextSuggestionHostForFrame.

tags | exploit
advisories | CVE-2023-6348
SHA-256 | 1e0d6c4d28506761410dab47785b5675017ec524a79f43e93784caf59927dfba
Windows Kernel Race Conditions
Posted Dec 14, 2023
Authored by Google Security Research, mjurczyk

The Microsoft Windows Kernel has an issue with bad locking in registry virtualization that can result in race conditions.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2023-36403
SHA-256 | 8cf51c7afd8e880ffabc644d09f791fed4bac36689d7102f629eb746b2c13124
Windows Kernel Information Disclosure
Posted Dec 8, 2023
Authored by Google Security Research, mjurczyk

The Microsoft Windows Kernel has a time-of-check / time-of-use issue in verifying layered key security which may lead to information disclosure from privileged registry keys.

tags | exploit, kernel, registry, info disclosure
systems | windows
advisories | CVE-2023-36404
SHA-256 | d827eb89d09814af2562b27f8d81aceb5f4a617c3fbb070846fd5b39ebfaa03e
Arm Mali CSF Overflow / Use-After-Free
Posted Dec 8, 2023
Authored by Jann Horn, Google Security Research

Arm Mali CSF has a refcount overflow bugfix in r43p0 that was misclassified as a memory leak fix.

tags | exploit, overflow, memory leak
advisories | CVE-2023-4295
SHA-256 | 05a93b8780cfb3ee2e1142acedfd65b47dbf3a86e2c48f3c8256e45ceaf5837b
ARM Mali r44p0 Use-After-Free
Posted Dec 4, 2023
Authored by Jann Horn, Google Security Research

ARM Mali r44p0 suffers from a use-after-free vulnerability by freeing waitqueue with elements on it.

tags | exploit
advisories | CVE-2023-5427
SHA-256 | 4fea6948aa6c6c134d3f0e82d4d907da692a000feadff0b07880f486048867a4
WebRTC PacketRouter Dangling Entry
Posted Nov 28, 2023
Authored by Google Security Research, nedwill

A dangling pointer vulnerability is present in WebRTC's PacketRouter due to an SDP SIM group SSRC from one track (e.g., video) colliding with an existing SSRC from a different track (e.g., audio). This inconsistency between the send_modules_map_ and the send_modules_list_ can lead to a use after free.

tags | exploit
SHA-256 | 426fe7fd9743d7c7d9ba2167f870968aaad57ccdefafb8bca89ee26333cad8be
mtk-jpeg Driver Out-Of-Bounds Read / Write
Posted Nov 14, 2023
Authored by Google Security Research, Seth Jenkins

An out-of-bounds read / write due to missing bounds check in the mtk-jpeg driver can lead to memory corruption and potential escalation of privileges.

tags | exploit
advisories | CVE-2023-32837
SHA-256 | e41201a7980c88fc58347c600192d9a70df411c527756cf6c4ba17ebb7bb7705
Android mtk_jpeg Driver Race Condition / Privilege Escalation
Posted Nov 14, 2023
Authored by Google Security Research, Seth Jenkins

A race condition in the Android mtk_jpeg driver can lead to memory corruption and potential local privilege escalation.

tags | exploit, local
advisories | CVE-2023-32832
SHA-256 | b9bbc877dec293cdae380289c906920975d5c1e2eb6ec78818aa966c315357ce
Windows Kernel Containerized Registry Escape
Posted Nov 13, 2023
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a containerized registry escape through integer overflows in VrpBuildKeyPath and other weaknesses.

tags | exploit, overflow, kernel, registry
systems | windows
advisories | CVE-2023-36576
SHA-256 | c1feae840787713bb89848cc8ba310ff0f5a1d43e23d59e1de207223ba6d1278
PowerVR Out-Of-Bounds Access / Information Leak
Posted Oct 23, 2023
Authored by Jann Horn, Google Security Research

PowerVR suffers from a multitude of memory management bugs including out-of-bounds access and information leakage.

tags | exploit
advisories | CVE-2021-1050, CVE-2023-35685
SHA-256 | c135dd9da4f49945f6ffab49beafba001bf366477d6ac30866c7fd5a8b312a8e
Linux DCCP Information Leak
Posted Oct 16, 2023
Authored by Jann Horn, Google Security Research

Linux suffers from a small remote binary information leak in DCCP.

tags | exploit, remote
systems | linux
SHA-256 | 8f509db352a5daf100520971c2666cea99bc2b733614a6fbd107c438f44733be
Page 1 of 75
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close