
Files from Google Security Research

First Active: 2000-02-18
Last Active: 2020-02-20

OpenEXR Memory Safety Issues
Posted Feb 20, 2020
Authored by saelo, Google Security Research

OpenEXR suffers from multiple memory safety issues including out-of-bounds access.

tags | exploit
MD5 | 8d08baf0c93f03a247b45a66e29d52b0
XNU ip6_notify_pmtu Remote mbuf Double-Free
Posted Feb 20, 2020
Authored by Google Security Research, nedwill

XNU suffers from a remote mbuf double-free vulnerability in ip6_notify_pmtu.

tags | exploit, remote
advisories | CVE-2020-3842
MD5 | 39b3d56c2e54db8163253c7eaf5f31c9
Samsung /dev/tsmux Heap Out-Of-Bounds Write
Posted Feb 13, 2020
Authored by Google Security Research, ianbeer

The Samsung kernel suffers from a heap out-of-bounds write in /dev/tsmux.

tags | exploit, kernel
MD5 | 00005339bd5f67a8a2ca1f91df549119
XPC Memory Disclosure / Corruption
Posted Feb 13, 2020
Authored by Google Security Research, ianbeer

XPC fast path fails to ensure NULL termination of XPC strings, leading to memory disclosure and corruption vulnerabilities in XPC services.

tags | exploit, vulnerability
advisories | CVE-2020-3856
MD5 | 0f1657d7f62dc322829fee09424c0e5c
macOS / iOS launchd XPC Message Parsing Memory Corruption
Posted Feb 13, 2020
Authored by Google Security Research, ianbeer

launchd on macOS and iOS suffers from a memory corruption issue due to a lack of bounds checking when parsing XPC messages.

tags | exploit
systems | ios
advisories | CVE-2020-3829
MD5 | 1214e0a3adca8432caea6990153f7571
Samsung SEND_FILE_WITH_HEADER Use-After-Free
Posted Feb 12, 2020
Authored by Jann Horn, Google Security Research

Samsung suffers from a use-after-free vulnerability due to a missing lock in the SEND_FILE_WITH_HEADER handler in f_mtp_samsung.c.

tags | exploit
MD5 | c32b0a6b8edad815d87eab3aadeb33e9
Samsung Kernel PROCA Use-After-Free / Double-Free
Posted Feb 12, 2020
Authored by Jann Horn, Google Security Research

The Samsung kernel has a logic bug and locking issues in PROCA that can lead to use-after-free and double-free issues from an application's context.

tags | exploit, kernel
MD5 | 4809998625c6770bf24721a33e8e7f18
Google Chrome PasswordFormManager::OnGeneratedPasswordAccepted Heap Buffer Overflow
Posted Feb 11, 2020
Authored by Google Security Research, Glazvunov

Google Chrome suffers from a heap buffer overflow in PasswordFormManager::OnGeneratedPasswordAccepted.

tags | exploit, overflow
MD5 | 807c6fca1ba5cabf11c809f7eb06d603
Google Chrome PannerHandler::TailTime Heap Use-After-Free
Posted Feb 11, 2020
Authored by Google Security Research, Glazvunov

Google Chrome suffers from a heap use-after-free vulnerability in PannerHandler::TailTime.

tags | exploit
MD5 | 978f6ee66cfcab4ee4a316ce1a962b16
usersctp sctp_load_addresses_from_init Out-Of-Bounds Read
Posted Feb 7, 2020
Authored by Google Security Research, natashenka

usersctp is an SCTP library used by a variety of software including WebRTC. There is a vulnerability in the sctp_load_addresses_from_init function of usersctp that can lead to a number of out-of-bounds reads. The input to sctp_load_addresses_from_init is verified by calling sctp_arethere_unrecognized_parameters; however, there is a difference in how these functions handle parameter bounds. The function sctp_arethere_unrecognized_parameters does not process a parameter that is partially outside of the limit of the chunk, whereas sctp_load_addresses_from_init will continue processing until a parameter that is entirely outside of the chunk occurs. This means that the last parameter of a chunk is not always verified, which can lead to parameters with very short plen values being processed by sctp_load_addresses_from_init. This can lead to out-of-bounds reads whenever the plen is subtracted from the header len.

tags | exploit
MD5 | f7629110af96666d0b8af7e76ecfa60d
macOS/iOS IOAccelCommandQueue2::processSegmentKernelCommand() Out-Of-Bounds Timestamp Write
Posted Feb 7, 2020
Authored by Google Security Research, bazad

macOS and iOS suffer from an out-of-bounds timestamp write in IOAccelCommandQueue2::processSegmentKernelCommand().

tags | exploit
systems | ios
advisories | CVE-2020-3837
MD5 | 04c093e6bde68cbe168364f56f38b9ee
macOS/iOS ImageIO PVR Processing Out-Of-Bounds Read
Posted Feb 7, 2020
Authored by saelo, Google Security Research

macOS and iOS suffer from an ImageIO out-of-bounds read when processing PVR images.

tags | exploit
systems | ios
advisories | CVE-2020-3878
MD5 | 65a5c4717babccedb508eed5edd77a7d
macOS/iOS ImageIO PVR Image Processing Heap Corruption
Posted Feb 7, 2020
Authored by saelo, Google Security Research

macOS and iOS have an ImageIO heap corruption issue when processing malformed PVR images.

tags | exploit
systems | ios
advisories | CVE-2020-3878
MD5 | 09ee6affef93456d05af1a19df94303b
systemd-machined Incorrect Reference Decrement
Posted Feb 7, 2020
Authored by Tavis Ormandy, Google Security Research

systemd has an issue in systemd-machined where it decrements the reference count when references are still held.

tags | exploit
MD5 | 892461d03b79e21e6c1303c5d998422e
XNU IOUserClient::_sendAsyncResult64() ipc_port Pointer Disclosure
Posted Feb 7, 2020
Authored by Google Security Research, bazad

The XNU function IOUserClient::_sendAsyncResult64() discloses the address of the ipc_port to which the notification is sent in the Mach message enqueued on the notification port.

tags | exploit
advisories | CVE-2020-3836
MD5 | 6ecb90fde4136a6abb3c8382394b9ae5
macOS/iOS XNU mk_timer_create_trap() Race Condition
Posted Feb 7, 2020
Authored by Google Security Research, bazad

macOS and iOS suffer from a race condition in XNU's mk_timer_create_trap() that can lead to type confusion.

tags | exploit
systems | ios
advisories | CVE-2020-3853
MD5 | 4e9dc95b3aaaa93bb8e5558c52ec93c3
libx264 H264 Conversion Out-Of-Bounds Write
Posted Feb 7, 2020
Authored by Google Security Research, natashenka

libx264 suffers from an out-of-bounds write when converting to H264.

tags | exploit
MD5 | a454ee0a3cf6ffcdaf4ffb1e2f6f1ea5
macOS ImageIO JPEG Out-Of-Bounds Write
Posted Feb 7, 2020
Authored by saelo, Google Security Research

ImageIO on macOS suffers from an issue where a heap out-of-bounds write occurs when processing JPEG images.

tags | exploit
advisories | CVE-2020-3827, CVE-2020-3870
MD5 | 97e1f93434c4368069b75479c4a0d5c6
macOS/iOS kern_stack_snapshot_internal() Userspace Share Issue
Posted Feb 7, 2020
Authored by Google Security Research, bazad

macOS and iOS suffer from an issue where kern_stack_snapshot_internal() shares non-zeroed kernel pages with userspace.

tags | exploit, kernel
systems | ios
advisories | CVE-2020-3875
MD5 | 9ba8ef3758b3008ca2cd79dcec2effb0
macOS/iOS ImageIO DDS Image Out-Of-Bounds Read
Posted Feb 7, 2020
Authored by saelo, Google Security Research

macOS and iOS suffer from an out-of-bounds read when processing DDS images with ImageIO.

tags | exploit
systems | ios
advisories | CVE-2020-3826
MD5 | 744a77b150f3b9b90f322d4ef38f096d
macOS / iOS ImageIO Heap Corruption
Posted Jan 27, 2020
Authored by saelo, Google Security Research

macOS and iOS suffer from an ImageIO heap corruption vulnerability when processing malformed TIFF images.

tags | exploit
systems | ios
MD5 | f09a3684b3b87ef878c518dc38922c1c
XNU vm_map_copy Insufficient Fix
Posted Jan 22, 2020
Authored by Google Security Research, ianbeer

An insufficient fix for CVE-2019-6205 means the XNU vm_map_copy optimization, which requires atomicity, is still not atomic.

tags | exploit
advisories | CVE-2019-6205, CVE-2019-8833
MD5 | f8e6dfd4187cd8bfbcbdada394e14738
Android ashmem Read-Only Bypasses
Posted Jan 10, 2020
Authored by Jann Horn, Google Security Research

Android suffers from ashmem read-only bypass vulnerabilities via remap_file_pages() and ASHMEM_UNPIN.

tags | exploit, vulnerability
advisories | CVE-2020-0009
MD5 | 1ce1f492c6697220a1377f632e2b8f79
WeChat CAudioJBM::InputAudioFrameToJBM Memory Corruption
Posted Jan 10, 2020
Authored by Google Security Research, natashenka

There is a memory corruption vulnerability in audio processing during a voice call in WeChat. When an RTP packet is processed, there is a call to UnpacketRTP. This function decrements the length of the packet by 12 without checking that the packet has at least 12 bytes in it. This leads to a negative packet length. Then, CAudioJBM::InputAudioFrameToJBM will check that the packet size is smaller than the size of a buffer before calling memcpy, but this check (n < 300) does not consider that the packet length could be negative due to the previous error. This leads to an out-of-bounds copy.

tags | exploit
MD5 | d5e852c27b43a4bc7e13605282d84e25
FaceTime _RSU_DecodeByteBuffer Out-Of-Bounds Read
Posted Dec 20, 2019
Authored by Google Security Research, natashenka

FaceTime suffers from an out-of-bounds read vulnerability in _RSU_DecodeByteBuffer.

tags | exploit
advisories | CVE-2019-8830
MD5 | 77e7d5ed9577e8022d167f6d39eeded3
© 2016 Packet Storm. All rights reserved.
