![]() ![]() Integer overflow in USB in Google Chrome prior to 1.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. (Chromium security severity: High)Ī flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. Integer overflow in Skia in Google Chrome prior to 1.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities.Ī flaw was found in xorg-server. Version 4.90.0 contains a patch for this issue. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. The URI type is used in several places in Vapor. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. Vapor is an HTTP web framework for Swift. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |