Changes

679 bytes added ,  20:38, 9 August 2019
Line 449: Line 449:  
!  Public disclosure timeframe
 
!  Public disclosure timeframe
 
!  Discovered by
 
!  Discovered by
 +
|-
 +
| [[Applet_Manager_services#IStorage|AM IStorage]] infoleak
 +
| Originally the buffer allocated by [[Applet_Manager_services#CreateStorage|CreateStorage]] using the specified input size was not cleared. With [8.0.0+] this was fixed by adding a memset() for the buffer after successful allocation.
 +
 +
Hence, IStorage->IStorageAccessor->Read will return uninitialized memory when the Write cmd was not previously used with the specified region.
 +
| Infoleak from the main [[Applet_Manager_services#IStorage|AM]] heap, allowing defeating ASLR by reading addresses from previously allocated objects.
 +
| [[8.0.0]]
 +
| [[8.1.0]]
 +
| December 2018
 +
| August 9, 2019
 +
| [[User:Yellows8|yellows8]]
 
|-
 
|-
 
| Out-of-bounds array read for [[BCAT_Content_Container]] secret-data index
 
| Out-of-bounds array read for [[BCAT_Content_Container]] secret-data index
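
Review bot: In the added impact cell, the link `[[Applet_Manager_services#IStorage|AM]]` is labelled "AM" but targets the IStorage section. The sentence is about the main AM heap rather than the IStorage interface, so `[[Applet_Manager_services|AM]]` would match the label. In the same cell, "allowing defeating ASLR" reads awkwardly, and "which allows defeating ASLR" is clearer. The description cell is otherwise self-consistent: it states the root cause (buffer from CreateStorage not cleared), the fix (memset() after successful allocation) and the condition under which Read returns uninitialized memory (no prior Write to that region).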
