NULL pointer dereference in __glXGetDrawableAttribute() of Mesa

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
freedesktop Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function
__glXGetDrawableAttribute().

[Vulnerability Type]
Buffer Overflow

[Vendor of Product]
freedesktop

[Affected Product Code Base]
Mesa – 23.0.4

[Reference]
https://gitlab.freedesktop.org/mesa/mesa/-/issues/9857

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name…

NULL pointer dereference in the function handle_viminfo_register() of vim

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A NULL pointer dereference in the function handle_viminfo_register() of vim v9.0 allows attackers to cause a Denial of
Service (DoS) via a crafted file.

[VulnerabilityType Other]
null pointer dereference

[Vendor of Product]
vim

[Affected Product Code Base]
vim – 9.0

[Reference]
https://github.com/vim/vim/issues/12652

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the…

Null pointer dereference in XGetWMHints() of Xfig

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
Xfig v3.2.8 was discovered to contain a segmentation violation via the function XGetWMHints().

[VulnerabilityType Other]
null pointer dereference

[Vendor of Product]
SourceForge

[Affected Product Code Base]
Xfig – 3.2.8

[Reference]
https://sourceforge.net/p/mcj/tickets/155/

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-45920 to this
vulnerability.

Buffer Overflow in glXQueryServerString() of mesa

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
freedesktop Mesa v23.0.4 was discovered to contain a segmentation violation via the function glXQueryServerString().

[Vulnerability Type]
Buffer Overflow

[Vendor of Product]
freedesktop

[Affected Product Code Base]
Mesa – 23.0.4

[Reference]
https://gitlab.freedesktop.org/mesa/mesa/-/issues/9858

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-45919 to…

NULL pointer dereference in tgetstr() of ncurses

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
ncurses v6.4-20230610 was discovered to contain a NULL pointer dereference via the function tgetstr().

[VulnerabilityType Other]
null pointer dereference

[Vendor of Product]
ncurses

[Affected Product Code Base]
ncurses – 6.4-20230610

[Reference]
https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name…

Null pointer dereference in Xedit

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A NULL pointer dereference in the component /X11/xedit/lisp of Xedit v1.2.3 allows attackers to cause a Denial of
Service (DoS) via a crafted lisp.lsp file.

[VulnerabilityType Other]
null pointer dereference

[Vendor of Product]
Xedit

[Affected Product Code Base]
Xedit – 1.2.3

[Reference]
https://gitlab.freedesktop.org/xorg/app/xedit/-/issues/1

[CVE Reference]
The Common Vulnerabilities and Exposures project…

Null pointer dereference in freedesktop mesa

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
freedesktop Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function
dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends a
DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3.

[VulnerabilityType Other]
null pointer dereference

[Vendor of Product]
freedesktop

[Affected Product Code Base]
Mesa – 23.0.4

[Reference]…

PrommetriX – (Prometheus Metrics Leaker) released!

Posted by psy on Jan 26

Hi FD,

I am glad to present this script:

– Prommetrix

I think that building a tool that quite facilitates the scraping work of
the data presented by the Prometheus metrics, perhaps it is possible to
make the team that develops it become aware of the existing need to
protect them from their core.

23/01/2024:

– Google (search engine): ~ 1832 servers with exposed metrics
– Shodan ~ 7320 servers with exposed metrics

———…

Multiple Vulnerabilities in Reprise License Manager 15.1 (CVE-2023-43183, CVE-2023-44031)

Posted by Rahim, Mohaiman via Fulldisclosure on Jan 26

Multiple Vulnerabilities in Reprise License Manager 15.1 (CVE-2023-43183, CVE-2023-44031)

Credit: Mohaiman Rahim

# Product: RLM 15.1
# Vendor: Reprise Software
# CVE ID: CVE-2023-43183
# Vulnerability Title: Incorrect Access…

Yet another fork()/malloc() bomb in javascript + SIGILL in Chrome

Posted by Georgi Guninski on Jan 26

Searching the web for `javascript fork malloc bomb` returns results,
e.g. [here][1]: and [here][2]:

We got a javascript fork malloc bomb which crashed Chrome 121 on Linux
with SIGILL and about one in five runs the virtual machine freezes.
SIGILL almost always is a sign of memory corruption 🙂
On Android it crashes the current tab without explanation.
Firefox 121 on Linux also crashes the current tab.

In all cases except the sporadic freezes,…
