Re: [FD] new email; gw22...@hotmail.com | Double-free segfault bypass

2018-03-30 Thread Matthew Fernandez
Maybe I’m misunderstanding something, but what is the vulnerability here? It looks like you are just demonstrating that a program can corrupt its own heap, which it can already do in numerous other ways. > On 26 Mar 2018, at 00:26, keliikoa kirland wrote: > > Tested on: Ubuntu 14.04.5 LTS > V

Re: [FD] new email; gw22...@hotmail.com | Double-free segfault bypass

2018-04-10 Thread Matthew Fernandez
rk = PAGE_ALIGN(brk); > oldbrk = PAGE_ALIGN(mm->brk); > if (oldbrk == newbrk) > goto set_brk; > > > albeit. > > On 27 March 2018 at 12:06, Matthew Fernandez > wrote: > Maybe I’m misunderstanding something, but what is the vulnerability

Re: [FD] over 2000 packages depend on abort()ing libgmp

2022-09-19 Thread Matthew Fernandez
On 9/14/22 04:44, Georgi Guninski wrote: ping world libgmp is a library about big numbers. it is not a library for very big numbers, because if libgmp meets a very big number, it calls abort() and coredumps. 2442 packages depend on libgmp on ubuntu20. guest3@ubuntu20:~/prim$ apt-cache rdepends

Re: [FD] over 2000 packages depend on abort()ing libgmp

2022-10-16 Thread Matthew Fernandez
On 10/12/22 22:39, Georgi Guninski wrote: On Fri, Sep 16, 2022 at 6:44 AM Matthew Fernandez wrote: What is the security boundary being violated here? As a maintainer of some of the packages implicated here, I’m unsure what my actionable tasks are. The threat model(s) for my packages

Re: [FD] Anomaly in Fedora `dnf update`: md5 mismatch of result

2023-08-19 Thread Matthew Fernandez
On 8/14/23 21:43, Georgi Guninski wrote: In short, I found an anomaly in Fedora 37 and would like to know if it is a vulnerability. As root, type in a terminal: dnf update If there is kernel update, watch stdout and stderr for: ##On Mon Aug 14 05:33:29 AM UTC 2023 (2/6): kernel-6.4.10-100.fc37.x86_6

Re: [FD] Buffer Overflow in graphviz via via a crafted config6a file

2024-01-27 Thread Matthew Fernandez
On 1/20/24 15:07, Meng Ruijie wrote: [Vulnerability description] Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote attacker to execute arbitrary code via a crafted config6a file. [Vulnerability Type] Buffer Overflow More specifically, this issue is an out-of-bounds read.

Re: [FD] Buffer Overflow in graphviz via via a crafted config6a file

2024-02-20 Thread Matthew Fernandez
On 1/27/24 10:15, Matthew Fernandez wrote: On 1/20/24 15:07, Meng Ruijie wrote: [Vulnerability description] Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote attacker to execute arbitrary code via a crafted config6a file. [Vulnerability Type] Buffer Overflow More

Re: [FD] Backdoor.Win32.NinjaSpy.c / Remote Stack Buffer Overflow

2021-01-12 Thread Matthew Fernandez
How should we be treating the stream of malware vulnerabilities you’ve reported recently? If something is malware, surely I want to remove it from my machine anyway? I’m all for full disclosure, but I’m just trying to understand if there’s anything actionable list members could do with this info