Halcy0nic

Results 8 comments of Halcy0nic

Here is the valgrind output showing the invalid double free:

GDB Trace: ![gdb](https://user-images.githubusercontent.com/42481692/177556795-0a2a4571-6b4f-4686-9555-7c1bb3d04768.png)

This issue was assigned CVE-2022-36234. Proof of concept Python3 code can be found here: https://github.com/Halcy0nic/CVE-2022-36234

### Root Cause

The msg buffer, defined as a global variable with a fixed size (MAXPACKETSIZE), is being overrun. The Python client sends a buffer (buf) of 50,000 bytes, which...
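The pattern described in the comment above (a fixed-size global receive buffer overrun by an oversized client payload) and the bounds check that stops it, as an added example; this is not code from the project discussed in that comment or from the commenter. The `MAXPACKETSIZE` value, the function names and the payload contents are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed value: the real project's MAXPACKETSIZE is not shown on the page. */
#define MAXPACKETSIZE 1024

/* Global receive buffer with a fixed size, the shape described in the comment. */
static char msg[MAXPACKETSIZE];

/* Vulnerable pattern: trusts the sender-supplied length and copies it all into
 * the fixed-size global. A client that sends more than MAXPACKETSIZE bytes
 * (the comment mentions 50,000) overruns msg and whatever follows it in .bss.
 * Kept only to show the defect; nothing in this example calls it. */
void handle_packet_unchecked(const char *buf, size_t len)
{
    memcpy(msg, buf, len);          /* no bound: len may exceed MAXPACKETSIZE */
}

/* Hardened form: refuse anything larger than the buffer before copying.
 * Returns the number of bytes stored, or -1 if the packet was rejected. */
long handle_packet_checked(const char *buf, size_t len)
{
    if (buf == NULL || len > MAXPACKETSIZE) {
        return -1;                  /* oversized packet: drop it, never copy */
    }
    memcpy(msg, buf, len);
    return (long)len;
}

/* Constructed client payload of the requested size, filled with 'A'. */
static void make_payload(char *out, size_t len)
{
    memset(out, 'A', len);
}

/* Returns 1 if a constructed 50,000-byte payload is rejected by the checked handler. */
int demo_oversized_packet(void)
{
    static char big[50000];         /* constructed oversized client buffer */
    make_payload(big, sizeof big);
    return handle_packet_checked(big, sizeof big) == -1;
}

/* Returns 1 if a constructed 64-byte payload is accepted and fully stored. */
int demo_normal_packet(void)
{
    char small[64];
    make_payload(small, sizeof small);
    return handle_packet_checked(small, sizeof small) == 64;
}

int main(void)
{
    printf("oversized packet rejected: %s\n", demo_oversized_packet() ? "yes" : "no");
    printf("normal packet accepted:    %s\n", demo_normal_packet() ? "yes" : "no");
    return 0;
}
```

The check belongs before the copy, on the length the sender controls; truncating to MAXPACKETSIZE instead of rejecting is also safe for the buffer, but silently dropping the tail of a message usually hides protocol errors that a rejection would surface.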

Hi @sasagawa888, similar to #75, if you unzip the file it should have a folder inside named reproduction:

```
$ wget https://github.com/sasagawa888/nprolog/files/11793855/reproduction.zip
$ unzip reproduction.zip
$ cd reproduction
$ ls...
```

## Invalid free (CWE-763) in *int forth_run(forth_t \*o)* libforth/libforth.c, line 2750 when attempting to execute `w = (forth_cell_t)realloc((char*)(*S--), f);`

### File for replication: forth_run_line_2750.fth

### Source Code: https://github.com/howerj/libforth/blob/b851c6a25150e7d2114804fc8712664c6d825214/libforth.c#L2750

### GDB...

Hi everyone, sorry for the delay, but here are some example fixes in the meantime to mitigate each of the discovered vulnerabilities:

### 1. Out of Bounds Read in `match`...

No worries, and I appreciate your perspective. I understand that Forth, by its nature, allows direct memory manipulation, which can indeed introduce risks if not used carefully. My intention isn't...