Riccardo Schirone

3 exploits Active since Mar 2019
CVE-2019-13164 WRITEUP HIGH WRITEUP
QEMU <4.0.0 - Privilege Escalation
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
CVSS 7.8
CVE-2019-3817 WRITEUP HIGH WRITEUP
RPM Libcomps < 0.1.10 - Use After Free
A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.
CVSS 7.5
CVE-2023-27590 WRITEUP HIGH WRITEUP
Rizin < 0.5.1 - Out-of-Bounds Write
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.
CVSS 7.8