googleprojectzero / 0days-in-the-wild Goto Github PK
View Code? Open in Web Editor NEWRepository for information about 0-days exploited in-the-wild.
Home Page: https://googleprojectzero.github.io/0days-in-the-wild
License: Apache License 2.0
Repository for information about 0-days exploited in-the-wild.
Home Page: https://googleprojectzero.github.io/0days-in-the-wild
License: Apache License 2.0
In the CVE-2021-1647 RCA, when describing malicious sample with a SHA256 hash of 6e1e9fa0334d8f1f5d0e3a160ba65441f0656d1f1c99f8a9f1ae4b1b1bf7d788 it says its headers are "[ (0,0), (0,0), (0x2000,0), (0x2000,0x3000) ]" (which I took to mean the 0th section header was an RVA of 0, size of 0, etc up through RVA 0x2000, size 0x3000). However, when opening the 6e1e9fa0334d8f1f5d0e3a160ba65441f0656d1f1c99f8a9f1ae4b1b1bf7d788 sample from https://bazaar.abuse.ch/sample/6e1e9fa0334d8f1f5d0e3a160ba65441f0656d1f1c99f8a9f1ae4b1b1bf7d788/ , the section headers do not match those described in the post. I'm wondering why this is the case?
https://github.com/googleprojectzero/0days-in-the-wild/blob/main/0day-RCAs/2020/CVE-2020-15999.md
contains the text "a Chrome-specific UAF (CVE-2020-16010)"
However CVE-2020-16010 (https://github.com/googleprojectzero/0days-in-the-wild/blob/main/0day-RCAs/2020/CVE-2020-16010.md) describes itself as a "Heap Buffer Overflow". Its description also reads like a heap overflow, so I believe it's the CVE-2020-15999 page which is in error, not the CVE-2020-16010 page.
is real CVE-2021-30858 writeup still coming?
Almost 3 months passed, did it get cancelled or something?
Looking forward to hearing new info about it.
Thanks and keep up the good work!
On https://googleprojectzero.github.io/0days-in-the-wild/rca.html there is a
<head>
...
<link type="application/atom+xml" rel="alternate" href="https://googleprojectzero.github.io/0days-in-the-wild/0days-in-the-wild/feed.xml" title="0-days In-the-Wild" />
</head>
Tag, indicating that an RSS feed exists there, however, the link 404's because the /0days-in-the-wild part is duplicated. Visiting https://googleprojectzero.github.io/0days-in-the-wild/feed.xml also appears to show incorrect paths, and no results. Should an RSS feed of the 0days show the results from the page? Or is this not to be expected.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.