CVEs

We frequently report and fix security-critical vulnerabilities that we find as a byproduct of our research. Some of the bugs that have an explicitly assigned CVE or other reference are listed here:

| Date | Description | Ref. | Lead |
|---|---|---|---|
| 2019/06/13 | Incorrect JIT optimization in Microsoft ChakraCore Scripting Engine (link) | CVE-2019-1023 | Wen Xu, Soyeon Park |
| 2019/06/08 | Memory corruption in Microsoft ChakraCore Scripting Engine (link) | CVE-2019-0990 | Soyeon Park |
| 2019/05/13 | Memory corruption in WebKit that leads to arbitrary code execution (link) | CVE-2019-8596, CVE-2019-8609 | Wen Xu |
| 2019/05/13 | Memory corruption in WebKit that circumvents sandbox restrictions (link) | CVE-2019-8619, CVE-2019-8628 | Wen Xu, Hanqing Zhao |
| 2019/04/23 | Heap overflow in ANGLE on Windows (link) | CVE-2019-5817 | Wen Xu |
| 2019/04/23 | Integer overflow in ANGLE (link) | CVE-2019-5806 | Wen Xu |
| 2019/03/25 | Memory corruption in WebKit that circumvents sandbox restrictions (link) | CVE-2019-8562 | Wen Xu, Hanqing Zhao |
| 2019/02/12 | Memory corruption in Microsoft ChakraCore Scripting Engine (link) | CVE-2019-0609 | Soyeon Park, Wen Xu |
| 2019/02/03 | Use-After-Free in WebKit that may lead to arbitrary code execution (link) | CVE-2019-6212 | Wen Xu |
| 2018/07/27 | Linux HFS+ memory corruption (link) | CVE-2018-14617 | Wen Xu |
| 2018/07/27 | Linux F2FS memory corruptions (link, link, link) | CVE-2018-14614,14615,14616 | Wen Xu |
| 2018/07/27 | Linux Btrfs memory corruptions (link, link, link, link, link) | CVE-2018-14609,14610,14611,14612,14613 | Wen Xu, Po-Ning Tseng |
| 2018/07/16 | Linux ext4 memory corruptions (link, link, link, link, link) | CVE-2018-10879,10880,10881,10882,10883 | Wen Xu |
| 2018/07/16 | Linux ext4 memory corruptions (link, link, link, link) | CVE-2018-10840,10876,10877,10878 | Wen Xu |
| 2018/07/03 | Linux F2FS memory corruptions (link, link, link, link, link) | CVE-2018-13096,13097,13098,13099,13100 | Wen Xu |
| 2018/07/03 | Linux XFS memory corruption (link, link, link) | CVE-2018-13093,13094,13095 | Wen Xu |
| 2018/04/24 | Linux XFS memory corruptions (link, link) | CVE-2018-10322,10323 | Wen Xu |
| 2018/04/01 | Linux ext4 memory corruptions (link, link, link, link) | CVE-2018-1092,1093,1094,1095 | Wen Xu |
| 2017/11/30 | FFmpeg out-of-bounds read in gmc_mmx (link) | CVE-2017-17081 | Insu Yun |
| 2017/11/30 | Binutils heap overflow in bfd_getl32 (link) | CVE-2017-17080 | Insu Yun |
| 2017/03/12 | Audiofile heap overflow in Expand3To4Module::run (link) | CVE-2017-6836 | Insu Yun |
| 2017/09/05 | FreeBSD netsmb double-fetch (link) | CVE-2017-15037 | Meng Xu |
| 2017/08/16 | Openjpeg 2.2.0 Heap Overflow (link) | CVE-2017-12878 | Insu Yun |
| 2017/05/10 | Dropbox Lepton 1.2.1 DoS (link) | CVE-2017-8891 | Insu Yun |
| 2016/12/13 | Windows Crypto Driver Information Disclosure Vulnerability (link) | CVE-2016-7219 (MS16-149) | Su Yong Kim, Sangho Lee, Byoungyoung Lee |
| 2016/06/09 | A heap overflow in zipimporter module (link) | CVE-2016-5636, IBB-Python #26171 | Insu Yun, Yeongjin Jang |
| 2016/06/04 | tipc: a kernel infoleak (leaking up to 60 bytes) in tipc_nl_compat_link_dump (link) | CVE-2016-5243 | Kangjie Lu |
| 2016/06/04 | rds: a kernel infoleak in rds_inc_info_copy (link) | CVE-2016-5244 | Kangjie Lu |
| 2016/05/31 | mac80211: stack object deauth_buf in net/mac80211/mlme.c is not initialized but leaked | AndroidID-28620568 | Kangjie Lu |
| 2016/05/31 | bcmdhd: many fields of stack object sinfo (drivers/net/wireless/bcmdhd/wl_cfg80211.c) are not initialized and the whole object is leaked. | AndroidID-28619338 | Kangjie Lu |
| 2016/05/31 | wireless: not all fields of stack object hdr (net/wireless/util.c) are initialized before it is leaked. | AndroidID-28620324 | Kangjie Lu |
| 2016/05/31 | netfilter: not all fields of stack object phw (net/netfilter/nfnetlink_queue_core.c) are initialized, but the object is leaked via nla_put | AndroidID-28673002 | Kangjie Lu |
| 2016/05/31 | netfilter: not all fields of stack object phw (net/netfilter/nfnetlink_log.c) are initialized, but the object is leaked via nla_put | AndroidID-28673002 | Kangjie Lu |
| 2016/05/31 | netfilter: one padding byte of pmsg (net/netfilter/nfnetlink_log.c) is not initialized but leaked via nla_put | AndroidID-28672819 | Kangjie Lu |
| 2016/05/31 | ipv6: some padding bytes of errhdr (net/ipv6/datagram.c) object are not initialized but leaked via put_cmsg | AndroidID-28672560 | Kangjie Lu |
| 2016/05/31 | media: some fields of u_ent (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 | Kangjie Lu |
| 2016/05/31 | media: some fields of pad (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 | Kangjie Lu |
| 2016/05/31 | media: some fields of link (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 | Kangjie Lu |
| 2016/05/17 | Kernel driver vulnerability in Eset Smart Security (link) | N/A | Su Yong Kim, Sangho Lee, Byoungyoung Lee |
| 2016/05/10 | x25: Linux kernel information leak vulnerability in x25_negotiate_facilities (link, link) | CVE-2016-4569 | Kangjie Lu |
| 2016/05/10 | ALSA: Two Linux kernel information leak vulnerabilities in timer (link, link) | CVE-2016-4578 | Kangjie Lu |
| 2016/05/09 | ALSA: Linux kernel information leak vulnerability in timer (link) | CVE-2016-4569 | Kangjie Lu |
| 2016/05/04 | Linux kernel information leak vulnerability (llc module) (link) | CVE-2016-4485 | Kangjie Lu |
| 2016/05/04 | Linux kernel information leak vulnerability (netlink module) (link) | CVE-2016-4486 | Kangjie Lu |
| 2016/05/04 | Linux kernel information leak vulnerability (USB module) (link) | CVE-2016-4482 | Kangjie Lu |
| 2016/02/09 | Windows Elevation of Privilege Vulnerability (link) | CVE-2016-0040 (MS16-014) | Su Yong Kim, Byoungyoung Lee |
| 2016/01/27 | An integer overflow bug in php_str_to_str_ex() led to arbitrary code execution. (link) | Bug #71450, IBB-PHP #113122 | Yeongjin Jang, Insu Yun |
| 2016/01/27 | An integer overflow bug in php_implode() could lead to a heap overflow and crashes (link) | Bug #71449, IBB-PHP #113120 | Yeongjin Jang, Insu Yun |
| 2016/01/24 | Integer overflow in wordwrap (link) | Pull request #1738, IBB-PHP #113268 | Insu Yun |
| 2015/11/10 | Windows NDIS Elevation of Privilege Vulnerability (independently reported) (link) | CVE-2015-6098 (MS15-117) | Su Yong Kim, Byoungyoung Lee |
| 2015/11/04 | Elevation of Privilege Vulnerability in Telephony (link) | CVE-2015-6614 | Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang |
| 2015/10/16 | Voice over LTE implementations contain multiple vulnerabilities (link) | VU#943167 | Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang |
| 2015/08/10 | Integer overflow in ui/cursor.c (link) | N/A | Sang Shin Jung, Byoungyoung Lee, Yeong Jang, Changwoo Min |
| 2014/12/02 | Bad casting from the BasicThebesLayer to BasicContainerLayer (link) | CVE-2014-1594 | Byoungyoung Lee, Chengyu Song |