Case Study of JavaScript engine vulnerabilities
CVE-2013-6632 : TypedArray, Integer Overflow, OOB, Pinkie Pie
CVE-2014-1705 : TypedArray, Invalid Array Length, OOB, geohot
CVE-2014-3176 : Array.concat, Side Effect, OOB, lokihardt
CVE-2014-7927 : asm.js, Compiler, OOB, Christian Holler
CVE-2014-7928 : Array, Optimization, Christian Holler
CVE-2015-1242 : Type Confusion, fcole@onshape.com
CVE-2015-6764 : JSON, Side Effect, OOB, Pwn2Own, Guang Gong, Qihoo 360
CVE-2015-6771 : TypedArray, OOB
CVE-2015-8584 : JSON, OOB
CVE-2016-1646 : Array.concat, Side Effect, OOB, Wen Xu, Tencent KeenLab
CVE-2016-1653 : asm.js, TypedArray, Compiler, OOB, Choongwoo Han
CVE-2016-1665 : asm.js, Compiler, HyungSeok Han
CVE-2016-1669 : RegExp, Heap Overflow, Integer Overflow, Choongwoo Han
CVE-2016-1677 : Side Effect, Information Leak, Guang Gong, Qihoo 360
CVE-2016-1688 : RegExp, Max Korenko
CVE-2016-5129 : Array, Side Effect, Jeonghoon Shin
CVE-2016-5172 : Scope, Choongwoo Han
CVE-2016-3386 : Spread Operator, Stack Overflow, Richard Zhu
CVE-2016-7189 : Array.join, Information Leak, Natalie Silvanovich, Google Project Zero
CVE-2016-7190 : Array.map, Heap Overflow, Natalie Silvanovich, Google Project Zero
CVE-2016-7194 : Function.apply, Information Leak, Natalie Silvanovich, Google Project Zero
CVE-2016-7200 : Array.filter, Heap Corruption, Natalie Silvanovich, Google Project Zero
CVE-2016-7201 : Array, Prototype, Type Confusion, Natalie Silvanovich, Google Project Zero
CVE-2016-7202 : Array.reverse, Overflow, Natalie Silvanovich, Google Project Zero
CVE-2016-7203 : Array.splice, Heap Overflow, Natalie Silvanovich, Google Project Zero
CVE-2016-7240 : eval, Proxy, Type Confusion, Natalie Silvanovich, Google Project Zero
CVE-2016-7241 : JSON.parse, Information Leak, Natalie Silvanovich, Google Project Zero
CVE-2016-7286 : SIMD.toLocaleString, Uninitialized Memory, Natalie Silvanovich, Google Project Zero
CVE-2016-7287 : Intl, Initialization, Type Confusion, Natalie Silvanovich, Google Project Zero
About
A collection of JavaScript engine CVEs with PoCs