skinnyrad/Trophies

Trophy list of zero-day vulnerabilities discovered by Skinny R&D members

Trophies

Trophy list of zero-day vulnerabilities discovered:

CVEs

• Global Buffer Overflow in N-Prolog Version 1.91 (CVE-2022-43343)
• html2xhtml v1.3 Out-Of-Bounds read (CVE-2022-44311)
• PicoC v3.2.2 Heap Overflow in the ExpressionCoerceInteger function in expression.c (CVE-2022-44312)
• PicoC v3.2.2 Heap Overflow in the ExpressionCoerceUnsignedInteger function in expression.c (CVE-2022-44313)
• PicoC v3.2.2 Heap Overflow in the StringStrncpy function in cstdlib/string.c (CVE-2022-44314)
• PicoC v3.2.2 Heap Overflow in the ExpressionAssign function in expression.c (CVE-2022-44315)
• PicoC v3.2.2 Heap Overflow in the LexGetStringConstant function in lex.c (CVE-2022-44316)
• PicoC v3.2.2 Heap Overflow in the StdioOutPutc function in cstdlib/stdio.c (CVE-2022-44317)
• PicoC v3.2.2 Heap Overflow in the StringStrcat function in cstdlib/string.c (CVE-2022-44318)
• PicoC v3.2.2 Heap Overflow in the StdioBasePrintf function in cstdlib/string.c (CVE-2022-44319)
• PicoC v3.2.2 Heap Overflow in the ExpressionCoerceFP function in expression.c (CVE-2022-44320)
• PicoC v3.2.2 Heap Overflow in the LexSkipComment function in lex.c (CVE-2022-44321)
• md2roff Version 1.9 Buffer Overflow (CVE-2022-41220)
• png2webp Version 1.0.4 Out of Bounds Write (CVE-2022-36752)
• SimpleNetwork TCP Server Double Free (CVE-2022-36234)
• md2roff Version 1.7 Buffer Overflow (CVE-2022-34913)
• PicoC Version v3.2.2 Null Pointer Dereference (CVE-2022-34556)
• Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers Open Redirect (ICSA-19-113-01)

CVEs in process

• Libforth v4.0 Null pointer dereference in int forth_run(forth_t *o) at libforth/libforth.c, line 2615
• Libforth v4.0 Out of bounds read in int forth_run(forth_t *o) at libforth/libforth.c, line 2666
• Libforth v4.0 Out of bounds read in int forth_run(forth_t *o) at libforth/libforth.c, line 2623
• Libforth v4.0 Out of bounds write in int forth_run(forth_t *o) libforth/libforth.c, line 2725
• Libforth v4.0 Out of bounds read in int forth_run(forth_t *o) at libforth/libforth.c, line 2721
• Libforth v4.0 Out of bounds read in int forth_run(forth_t *o) at libforth/libforth.c, line 2716
• Libforth v4.0 Out of bounds read in int forth_run(forth_t *o) at libforth/libforth.c, line 2665
• Libforth v4.0 Out of bounds read in int forth_run(forth_t *o) at libforth/libforth.c, line 2362
• Libforth v4.0 Out of bounds read in int forth_run(forth_t *o) at libforth/libforth.c, line 2730
• Libforth v4.0 Invalid free in int forth_run(forth_t *o) libforth/libforth.c, line 2750
• Libforth v4.0 Out of bounds read in static void print_stack(forth_t *o, FILE *out, forth_cell_t *S, forth_cell_t f) at libforth.c, line 1481
• Libforth v4.0 Out of bounds read in static int forth_get_char(forth_t *o) at libforth.c, line 1091
• Libforth v4.0 Out of bounds write in static forth_cell_t compile(forth_t *o, forth_cell_t code, const char *str, forth_cell_t compiling, forth_cell_t hide) at libforth.c, line 1241
• Libforth v4.0 Stack-based buffer overflow in static int print_cell(forth_t *o, FILE *out, forth_cell_t u) at libforth.c, line 1367
• Libforth v4.0 Out of bounds read in static void check_is_asciiz(jmp_buf *on_error, char *s, forth_cell_t end) libforth/libforth.c, line 1436
• Libforth v4.0 Invalid free in int forth_run(forth_t *o) at libforth.c, line 2745
• Libforth v4.0 Out of bounds read in static int match(forth_cell_t *m, forth_cell_t pwd, const char *s) at libforth.c, line 1306

Discovered Vulnerabilities

• Shibatch Sample Rate Converter (SSRC) Divide By Zero Denial of Service
• LCI v0.10.5 Null Pointer Dereference
• LCI v0.10.5 Out of Bounds Read
• Mechanical Keyboard Finder Version 4.31 Cross Site Scripting
• Crash in N-Prolog Version 1.90