Simple bugs with complex exploits
FixedArray and FixedDoubleArray are used to create objects in JavaScript, and although the new implementations looked valid at first glance, they were missing a key component: a maximum length check to ensure that the newly created array’s length cannot go past a predefined upper limit.
To the untrained eye, this bug does not look exploitable, but as shown in the bug report, Sergey made use of TurboFan’s typer to gain access to a very powerful exploitation primitive: an array whose length field is much larger than its capacity. This primitive provides an attacker with an out-of-bounds access primitive on the V8 heap, which can very easily lead to code execution.
-
Exim servers running v4.92.1 and before are vulnerable to a security bug, patched in v4.92.2, which could allow attackers to run malicious code with root access
Catalin Cimpanu / ZDNet: Exim servers running v4.92.1 and before are vulnerable to a security bug,...
-
Node v10.16.1 (LTS) | Node.js
Node v10.16.1 (LTS) Released — No big Node releases this week, but this minor bump to...