CVE-2022-26757 – XNU Flow Divert Race Condition Use-After-Free
https://notcve.org/view.php?id=CVE-2022-26757
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de uso de memoria previamente liberada con una administración de memoria mejorada. Este problema es corregido en tvOS versión 15.5, iOS versión 15.5 y iPadOS versión 15.5, Security Update 2022-004 Catalina, watchOS versión 8.6, macOS Big Sur versión 11.6.6, macOS Monterey versión 12.4. • http://packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.html https://support.apple.com/en-us/HT213253 https://support.apple.com/en-us/HT213254 https://support.apple.com/en-us/HT213255 https://support.apple.com/en-us/HT213256 https://support.apple.com/en-us/HT213257 https://support.apple.com/en-us/HT213258 • CWE-416: Use After Free •
CVE-2022-26714
https://notcve.org/view.php?id=CVE-2022-26714
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con una comprobación mejorada. Este problema es corregido en tvOS versión 15.5, iOS versión 15.5 y iPadOS versión 15.5, Security Update 2022-004 Catalina, watchOS versión 8.6, macOS Big Sur versión 11.6.6, macOS Monterey versión 12.4. • https://support.apple.com/en-us/HT213253 https://support.apple.com/en-us/HT213254 https://support.apple.com/en-us/HT213255 https://support.apple.com/en-us/HT213256 https://support.apple.com/en-us/HT213257 https://support.apple.com/en-us/HT213258 • CWE-787: Out-of-bounds Write •
CVE-2020-13495
https://notcve.org/view.php?id=CVE-2020-13495
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file. Se presenta una vulnerabilidad explotable en la forma en que Pixar OpenUSD versión 20.05 maneja las compensaciones de archivos en los archivos binarios USD. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-22674 – Apple macOS Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2022-22674
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. Se presentaba un problema de lectura fuera de límites que conllevaba a una divulgación de la memoria del kernel. • https://support.apple.com/en-us/HT213220 https://support.apple.com/en-us/HT213255 https://support.apple.com/en-us/HT213256 • CWE-125: Out-of-bounds Read •
CVE-2018-25032 – zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
https://notcve.org/view.php?id=CVE-2018-25032
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. zlib versiones anteriores a 1.2.12 permite la corrupción de memoria al desinflar (es decir, al comprimir) si la entrada tiene muchas coincidencias distantes An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written can overwrite the distance symbol table which it overlays. This issue results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and potentially crashing the application. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 http://www.openwall.com/lists/oss-security/2022/03/25/2 http://www.openwall.com/lists/oss-security/2022/03/26/1 https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 https://github.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •