sungjungk

4 exploits Active since Nov 2018
CVE-2020-15570 WRITEUP MEDIUM WORKING POC
whoopsie < 0.2.69 - Denial of Service via Malformed Crash File
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.
CVSS 5.5
CVE-2018-19358 WRITEUP HIGH WORKING POC
GNOME Keyring <3.28.2 - Info Disclosure
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket.
CVSS 7.8
CVE-2020-11937 WRITEUP MEDIUM WORKING POC
whoopsie - Denial of Service via Memory Leak in parse_report
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.
CVSS 5.5
CVE-2020-15570 WRITEUP MEDIUM WRITEUP
whoopsie < 0.2.69 - Denial of Service via Malformed Crash File
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file.
CVSS 5.5