Simon Josefsson - Security Researcher - Exploit Intelligence Platform

CVE-2017-14061 WRITEUP CRITICAL WRITEUP

Libidn2 < 2.0.3 - Integer Overflow in _isBidi Function

Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

CVSS 9.8

View Code

CVE-2017-14062 WRITEUP CRITICAL WRITEUP

Libidn2 < 2.0.4 - Integer Overflow in decode_digit Function

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

CVSS 9.8

View Code

CVE-2019-12290 WRITEUP HIGH WRITEUP

GNU libidn2 < 2.2.0 - Domain Impersonation via Punycode Unicode Conversion Bypass

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.

CVSS 7.5

View Code

CVE-2019-17498 WRITEUP HIGH WRITEUP

libssh2 < 1.9.0 - Integer Overflow in SSH_MSG_DISCONNECT Bounds Check

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

CVSS 8.1

View Code

CVE-2024-47191 WRITEUP HIGH WRITEUP

oath-toolkit <2.6.12 - Privilege Escalation

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

CVSS 7.1

View Code

CVE-2024-47191 WRITEUP HIGH WRITEUP

oath-toolkit <2.6.12 - Privilege Escalation

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

CVSS 7.1

View Code

CVE-2017-14061 WRITEUP CRITICAL WRITEUP

Libidn2 < 2.0.3 - Integer Overflow in _isBidi Function

Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

CVSS 9.8

View Code

CVE-2017-14062 WRITEUP CRITICAL WRITEUP

Libidn2 < 2.0.4 - Integer Overflow in decode_digit Function

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

CVSS 9.8

View Code

CVE-2019-12290 WRITEUP HIGH STUB

GNU libidn2 < 2.2.0 - Domain Impersonation via Punycode Unicode Conversion Bypass

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.

CVSS 7.5

View Code

CVE-2021-46848 WRITEUP CRITICAL WRITEUP

GNU Libtasn1 <4.19.0 - Buffer Overflow

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

CVSS 9.1

View Code

CVE-2022-2469 WRITEUP LOW WRITEUP

GNU SASL < 2.0.1 - Authenticated Out-of-bounds Read via GSS-API Client

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client

CVSS 3.8

View Code

CVE-2022-2469 WRITEUP LOW WRITEUP

GNU SASL < 2.0.1 - Authenticated Out-of-bounds Read via GSS-API Client

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client

CVSS 3.8

View Code

CVE-2024-47191 WRITEUP HIGH WRITEUP

oath-toolkit <2.6.12 - Privilege Escalation

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

CVSS 7.1

View Code