CVEs

We frequently report and fix security-critical vulnerabilities that we find as a byproduct of our research. The bugs that have an explicitly assigned CVE or another public reference are listed here:

Date | Description | Ref.
2018/07/27 | Linux HFS+ memory corruption (link) | CVE-2018-14617
2018/07/27 | Linux F2FS memory corruptions (link, link, link) | CVE-2018-14614, 14615, 14616
2018/07/27 | Linux Btrfs memory corruptions (link, link, link, link, link) | CVE-2018-14609, 14610, 14611, 14612, 14613
2018/07/16 | Linux ext4 memory corruptions (link, link, link, link, link) | CVE-2018-10879, 10880, 10881, 10882, 10883
2018/07/16 | Linux ext4 memory corruptions (link, link, link, link) | CVE-2018-10840, 10876, 10877, 10878
2018/07/03 | Linux F2FS memory corruptions (link, link, link, link, link) | CVE-2018-13096, 13097, 13098, 13099, 13100
2018/07/03 | Linux XFS memory corruptions (link, link, link) | CVE-2018-13093, 13094, 13095
2018/04/24 | Linux XFS memory corruptions (link, link) | CVE-2018-10322, 10323
2018/04/01 | Linux ext4 memory corruptions (link, link, link, link) | CVE-2018-1092, 1093, 1094, 1095
2017/11/30 | FFmpeg out-of-bounds read in gmc_mmx (link) | CVE-2017-17081
2017/11/30 | Binutils heap overflow in bfd_getl32 (link) | CVE-2017-17080
2017/09/05 | FreeBSD netsmb double-fetch (link) | CVE-2017-15037
2017/08/16 | OpenJPEG 2.2.0 heap overflow (link) | CVE-2017-12878
2017/05/10 | Dropbox Lepton 1.2.1 DoS (link) | CVE-2017-8891
2017/03/12 | Audiofile heap overflow in Expand3To4Module::run (link) | CVE-2017-6836
2016/12/13 | Windows Crypto Driver information disclosure vulnerability (link) | CVE-2016-7219 (MS16-149)
2016/06/09 | Heap overflow in the Python zipimporter module (link) | CVE-2016-5636, IBB-Python #26171
2016/06/04 | tipc: kernel infoleak (up to 60 bytes) in tipc_nl_compat_link_dump (link) | CVE-2016-5243
2016/06/04 | rds: kernel infoleak in rds_inc_info_copy (link) | CVE-2016-5244
2016/05/31 | mac80211: stack object deauth_buf in net/mac80211/mlme.c is not initialized but is leaked | AndroidID-28620568
2016/05/31 | bcmdhd: many fields of stack object sinfo (drivers/net/wireless/bcmdhd/wl_cfg80211.c) are not initialized, yet the whole object is leaked | AndroidID-28619338
2016/05/31 | wireless: not all fields of stack object hdr (net/wireless/util.c) are initialized before it is leaked | AndroidID-28620324
2016/05/31 | netfilter: not all fields of stack object phw (net/netfilter/nfnetlink_queue_core.c) are initialized, yet it is leaked via nla_put | AndroidID-28673002
2016/05/31 | netfilter: not all fields of stack object phw (net/netfilter/nfnetlink_log.c) are initialized, yet it is leaked via nla_put | AndroidID-28673002
2016/05/31 | netfilter: one padding byte of pmsg (net/netfilter/nfnetlink_log.c) is not initialized but is leaked via nla_put | AndroidID-28672819
2016/05/31 | ipv6: some padding bytes of the errhdr object (net/ipv6/datagram.c) are not initialized but are leaked via put_cmsg | AndroidID-28672560
2016/05/31 | media: some fields of u_ent (drivers/media/media-device.c) are not initialized but are leaked via copy_to_user | AndroidID-28616963
2016/05/31 | media: some fields of pad (drivers/media/media-device.c) are not initialized but are leaked via copy_to_user | AndroidID-28616963
2016/05/31 | media: some fields of link (drivers/media/media-device.c) are not initialized but are leaked via copy_to_user | AndroidID-28616963
2016/05/17 | Kernel driver vulnerability in ESET Smart Security (link) | N/A
2016/05/10 | x25: Linux kernel information leak in x25_negotiate_facilities (link, link) | CVE-2016-4580
2016/05/10 | ALSA: two Linux kernel information leaks in the timer interface (link, link) | CVE-2016-4578
2016/05/09 | ALSA: Linux kernel information leak in the timer interface (link) | CVE-2016-4569
2016/05/04 | Linux kernel information leak (llc module) (link) | CVE-2016-4485
2016/05/04 | Linux kernel information leak (netlink module) (link) | CVE-2016-4486
2016/05/04 | Linux kernel information leak (USB module) (link) | CVE-2016-4482
2016/02/09 | Windows elevation of privilege vulnerability (link) | CVE-2016-0040 (MS16-014)
2016/01/27 | Integer overflow in php_str_to_str_ex() that could lead to arbitrary code execution (link) | Bug #71450, IBB-PHP #113122
2016/01/27 | Integer overflow in php_implode() that could lead to a heap overflow and crashes (link) | Bug #71449, IBB-PHP #113120
2016/01/24 | Integer overflow in wordwrap (link) | Pull request #1738, IBB-PHP #113268
2015/11/10 | Windows NDIS elevation of privilege vulnerability (independently reported) (link) | CVE-2015-6098 (MS15-117)
2015/11/04 | Elevation of privilege vulnerability in Telephony (link) | CVE-2015-6614
2015/10/16 | Voice over LTE implementations contain multiple vulnerabilities (link) | VU#943167
2015/08/10 | Integer overflow in ui/cursor.c (link) | N/A
2014/12/02 | Bad casting from BasicThebesLayer to BasicContainerLayer (link) | CVE-2014-1594
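Most of the 2016 kernel entries share one root cause: a struct is declared on the kernel stack, the handler assigns only some of its members, and the whole object is then copied to user space with copy_to_user(), nla_put() or put_cmsg(), so the untouched members and the compiler-inserted padding bytes carry whatever the stack held before. The following user-space C program is an added illustration of that pattern, not code from this group or from the kernel; `struct link_info`, `fill_vulnerable`, `fill_fixed` and the 0xAA "stale stack" marker are hypothetical stand-ins, and memcpy() stands in for copy_to_user(). It pre-fills the object to simulate stack reuse, runs the vulnerable and the fixed handler, and counts how many stale bytes reach the "user" copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply structure, modelled on the "sinfo"/"u_ent" rows above.
 * The handler sets `type` and `flags` and never touches `reserved`; on common
 * ABIs the compiler also inserts 3 padding bytes after `type`. */
struct link_info {
    uint8_t  type;
    uint32_t flags;
    uint64_t reserved;
};

/* Marker byte standing in for stale data left on the stack by an earlier call. */
#define STALE 0xAA

/* Vulnerable pattern: assign some members, leave the rest (and all padding)
 * holding whatever the stack contained. */
static void fill_vulnerable(struct link_info *info, uint8_t type, uint32_t flags)
{
    info->type  = type;
    info->flags = flags;
    /* info->reserved and the padding bytes are never written */
}

/* Fixed pattern: clear the entire object representation before filling it.
 * memset() is used rather than `= {0}` because C does not guarantee that an
 * initializer zeroes padding bytes (C11 6.2.6.1p6), and the kernel fixes for
 * the rows above take the same approach. */
static void fill_fixed(struct link_info *info, uint8_t type, uint32_t flags)
{
    memset(info, 0, sizeof(*info));
    info->type  = type;
    info->flags = flags;
}

/* Number of padding bytes the compiler inserted into struct link_info. */
static size_t padding_bytes(void)
{
    return sizeof(struct link_info)
         - (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint64_t));
}

/* Stand-in for the copy_to_user()/nla_put() step: copy the whole object out
 * and count how many bytes of the copy still carry the stale marker. */
static size_t count_leaked(const struct link_info *info)
{
    unsigned char user_copy[sizeof(*info)];
    size_t leaked = 0;

    memcpy(user_copy, info, sizeof(user_copy));
    for (size_t i = 0; i < sizeof(user_copy); i++)
        if (user_copy[i] == STALE)
            leaked++;
    return leaked;
}

/* Run one handler on an object whose memory was pre-filled with STALE to
 * simulate stack reuse; returns the number of stale bytes that leaked. The
 * field values chosen (type=1, flags=0x10) contain no 0xAA byte, so every
 * marker found in the copy is genuinely uninitialized data. */
static size_t leaked_bytes(void (*fill)(struct link_info *, uint8_t, uint32_t))
{
    struct link_info info;

    memset(&info, STALE, sizeof(info));
    fill(&info, 1, 0x10);
    return count_leaked(&info);
}

int main(void)
{
    printf("sizeof(struct link_info) = %zu, padding = %zu bytes\n",
           sizeof(struct link_info), padding_bytes());
    printf("vulnerable handler leaks %zu bytes\n", leaked_bytes(fill_vulnerable));
    printf("fixed handler leaks      %zu bytes\n", leaked_bytes(fill_fixed));
    return 0;
}
```

The untouched `reserved` member always leaks all eight of its bytes; whether the padding bytes leak too depends on the ABI and the compiler, which is why a review of such handlers should look at sizeof() of the copied object rather than at the list of assigned members. The same check, applied to the rows above, is what distinguishes the "some fields not initialized" entries from the "padding byte not initialized" ones.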