CVE-2021-4327 – SerenityOS TypedArray.cpp initialize_typed_array_from_array_buffer integer overflow
https://notcve.org/view.php?id=CVE-2021-4327
A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used.
References:
https://devcraft.io/2021/02/11/serenityos-writing-a-full-chain-exploit.html
https://github.com/SerenityOS/serenity/commit/f6c6047e49f1517778f5565681fb64750b14bf60
https://vuldb.com/?ctiid.222074
https://vuldb.com/?id.222074
CWE-190: Integer Overflow or Wraparound
CVE-2021-31272
https://notcve.org/view.php?id=CVE-2021-31272
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
References:
https://github.com/SerenityOS/serenity/issues/3991
https://github.com/SerenityOS/serenity/issues/3992
https://github.com/SerenityOS/serenity/pull/5713
https://github.com/SerenityOS/serenity/pull/5713/commits/3844e8569689dd476064a0759d704bc64fb3ca2c
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-30045
https://notcve.org/view.php?id=CVE-2021-30045
SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function.
References:
https://github.com/SerenityOS/serenity/commit/4317db7498eaa5a37068052bb0310fbc6a5f78e4
https://github.com/SerenityOS/serenity/issues/5975
https://github.com/SerenityOS/serenity/pull/5977
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28874
https://notcve.org/view.php?id=CVE-2021-28874
SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file.
References:
https://github.com/SerenityOS/serenity/commit/c9f25bca048443e317f1994ba9b106f2386688c3
https://github.com/SerenityOS/serenity/issues/5769
https://github.com/SerenityOS/serenity/pull/5802
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20172
https://notcve.org/view.php?id=CVE-2019-20172
Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack.
References:
https://github.com/Fire30/CTF-WRITEUPS/tree/master/36c3_ctf/wisdom
https://github.com/SerenityOS/serenity/commit/0fc24fe2564736689859e7edfa177a86dac36bf9
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer