AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
![]() ![]() Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. ![]() No known workarounds exist.Ī write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. ![]() This has been patched in Redis version 7.0.5. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Redis is an in-memory database that persists on disk. There are no known workarounds for this vulnerability. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. ![]() Improved mac address string descriptor length validation to check for unexpectedly small values may be used as a workaround. The fix has been included in USBX release (). This may allow one to redirect the code execution flow or introduce a denial of service. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (``) is enabled.* This vulnerability affects Firefox ux_host_class_cdc_ecm_node_id` array. In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. ![]()
0 Comments
Read More
Leave a Reply. |