Prior versions of Exim 4 have Improper Neutralization of Line Delimiters: local users can alter the behavior of root processes because a recipient address can contain a newline character (<a href="https://nvd.nist.gov/vuln/detail/CVE-2020-28015">CVE-2020-28015</a>).
Prior versions of Exim 4 allowed Integer Overflow to Buffer Overflow in ...
oss-sec
mailing list archives
</form>
Re: [CVE-2020-28018] Use-After-Free on Exim Question
From: Solar Design ...
Slides
Speech slides
Current slides
Exploiting sudo CVE-2021-3156: From heap-based overflow to LPE/EoP (Feb 19, 2021)
CVE-2020-28018: From Use-After-Free to Remote Code Execution (Jun 18, 2021)
Confronting CFI: Control-flow Hijacking in the Intel CET era for memory corruption exploit development (May 12, 2022)
CVE Exploit PoCs
PoC exploits for multiple software vulnerabilities
Current exploits
CVE-2019-18634 (LPE): Stack-based buffer overflow in sudo tgetpass.c when the pwfeedback option is enabled
CVE-2021-3156 (LPE): Heap-based buffer overflow in sudo sudoers.c when an argv element ends with a backslash character
CVE-2020-28018 (RCE): Exim Use-After-Free (UAF) in tls-openssl.c leading t
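As an added illustration of the CVE-2021-3156 entry above (constructed for this page; it is neither the PoC author's exploit nor sudo's source, only the shape of the offending loop): the destination buffer is sized from strlen() of each argument, but the copy loop skips the byte after every backslash. When an argument ends with a lone backslash the skipped byte is the NUL terminator, so the copy walks into whatever follows in memory and writes more bytes than were reserved. The two argv strings are laid back to back in one array, as a C runtime would place them, so the over-read stays inside memory the demo owns. The `from[1] != '\0'` guard in the fixed variant is a constructed fix for the demo, not the upstream sudo patch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed demo of the CVE-2021-3156 bug pattern (not sudo's code):
 * allocation is planned from strlen(), but the unescaping copy loop can
 * skip the NUL terminator and keep copying from the next string.
 */

typedef struct {
    size_t planned;            /* bytes the allocation loop would reserve */
    size_t written_vulnerable; /* bytes the buggy copy actually writes   */
    size_t written_fixed;      /* bytes the guarded copy writes          */
} demo_result;

/* Allocation size as the original computes it: strlen(arg) + 1 per arg. */
size_t planned_size(const char **argv, int argc) {
    size_t size = 0;
    for (int i = 0; i < argc; i++)
        size += strlen(argv[i]) + 1;
    return size;
}

/* Shared copy loop; guard_nul selects the fixed behaviour. Returns bytes
 * written to out. out_cap is a harness-only limit so this demo cannot itself
 * overflow; the real code has no such limit. */
static size_t unescape(const char **argv, int argc, char *out,
                       size_t out_cap, int guard_nul) {
    size_t n = 0;
    for (int i = 0; i < argc; i++) {
        const char *from = argv[i];
        while (*from) {
            if (from[0] == '\\' && !isspace((unsigned char)from[1]) &&
                (!guard_nul || from[1] != '\0'))
                from++;                 /* skip the escape; BUG when from[1] == '\0' */
            if (n + 2 > out_cap)        /* harness guard only */
                return n;
            out[n++] = *from++;         /* may copy the NUL and step past it */
        }
        if (n + 2 > out_cap)
            return n;
        out[n++] = ' ';
    }
    if (n)
        out[n - 1] = '\0';              /* trailing space becomes the terminator */
    return n;
}

size_t unescape_vulnerable(const char **argv, int argc, char *out, size_t out_cap) {
    return unescape(argv, argc, out, out_cap, 0);
}

size_t unescape_fixed(const char **argv, int argc, char *out, size_t out_cap) {
    return unescape(argv, argc, out, out_cap, 1);
}

/* Constructed input: argv[0] = "a\" (ends with a lone backslash), argv[1] =
 * "secret", stored back to back so the over-read lands in memory we own. */
demo_result run_demo(void) {
    static const char argblock[] = "a\\\0secret";
    const char *argv[] = { argblock, argblock + 3 };
    char out[64];
    demo_result r;
    r.planned = planned_size(argv, 2);
    r.written_vulnerable = unescape_vulnerable(argv, 2, out, sizeof out);
    r.written_fixed = unescape_fixed(argv, 2, out, sizeof out);
    return r;
}

int main(void) {
    demo_result r = run_demo();
    printf("planned=%zu vulnerable_wrote=%zu fixed_wrote=%zu\n",
           r.planned, r.written_vulnerable, r.written_fixed);
    return r.written_vulnerable > r.planned ? 0 : 1;
}
```

With the constructed input the planning loop reserves 10 bytes, the buggy loop writes 16 (it copies the NUL of "a\" and then the neighbouring "secret" string before reaching the real end), and the guarded loop writes exactly the 10 that were planned. In the real program the surplus bytes land past the end of a heap allocation, which is the primitive the PoC builds on.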