tnishiox

2 exploits Active since Sep 2023

CVE-2023-4813 NOMISEC MEDIUM WORKING POC

glibc < 2.36 - Use-After-Free in gaih_inet Function

A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

1 stars

CVSS 5.9

View Code

CVE-2024-2961 NOMISEC HIGH SCANNER

GNU C Library <2.39 - Buffer Overflow

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

CVSS 7.3

View Code