Real World Analysis/0-day (6)

[0-Day] CVE-2022-1638 ($5,000) - Google Chrome V8 Internationalization Heap Buffer Overflow Vulnerability
Title: Integer Overflow Leading to OOB Write/Heap-based Buffer Overflow in icu_71::FormattedStringBuilder::insert
Summary: An OOB write/heap-based buffer overflow vulnerability exists in icu_71::FormattedStringBuilder::insert. An attacker must open an arbitrarily generated HTML file to exploit this vulnerability.
Security Severity: 8.8 High (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Test environment: MacO..
2022. 8. 7.

[0-Day] CVE-2022-0517 - Mozilla VPN Privilege Escalation Vulnerability
Title: Mozilla VPN Privilege Escalation Vulnerability
Summary: An Uncontrolled Search Path Element vulnerability exists in libcrypto-1_1-x64.dll. Attackers place arbitrarily generated openssl.cnf files in C:\MozillaVPNBuild\SSL to exploit this vulnerability.
Security Severity: High
Root Cause Analysis: We can check the logic of loading the openssl.cnf file from the call stack above. libcrypto..
2022. 4. 30.