Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-0559: Prefer memleak over usaf in io.bank's rbtree bug ##crash · radareorg/radare2@b5cb90b

Use After Free in NPM radare2.js prior to 5.6.2.

CVE
#ios#nodejs#js

@@ -226,12 +226,18 @@ R_API bool r_io_bank_map_add_top(RIO *io, const ut32 bankid, const ut32 mapid) {

r_io_submap_set_to (bd, r_io_submap_from (sm) - 1);

entry = r_rbnode_next (entry);

}

while (entry && r_io_submap_to (((RIOSubMap *)entry->data)) <= r_io_submap_to (sm)) {

ut64 smto = r_io_submap_to (sm);

while (entry && r_io_submap_to (((RIOSubMap *)entry->data)) <= smto) {

//delete all submaps that are completly included in sm

RRBNode *next = r_rbnode_next (entry);

// this can be optimized, there is no need to do search here

// XXX this is a workaround to avoid an UAF in Reproducer: iobank-crash

void *smfree = bank->submaps->free;

bank->submaps->free = NULL;

bool a = r_crbtree_delete (bank->submaps, entry->data, _find_sm_by_from_vaddr_cb, NULL);

bank->submaps->free = smfree;

if (!a) {

entry = NULL;

break;

}

entry = next;

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda