Threat: Backdoor.Win32.DarkSky.23
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 5418. Third-party adversaries
who can reach the server can send a specially crafted payload triggering a
stack…
Posted by Apple Product Security via Fulldisclosure on Oct 16
APPLE-SA-2022-10-10-1 iOS 16.0.3
iOS 16.0.3 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213480.
Mail
Available for: iPhone 8 and later
Impact: Processing a maliciously crafted email message may lead to a
denial-of-service
Description: An input validation issue was addressed with improved
input validation.
CVE-2022-22658
I am not quite sure what point you’re making. CVE-2021-43618 is a
different issue; a programming error that results in a segfault. I.e.
even if an application using libgmp supplied their own allocator,¹ they
could still experience segfaults when dealing with malicious input.
The case you brought to FD (IIUC) is an input including large numbers
that causes libgmp to exhaust memory when dealing with them. In this
case, an application…
It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.