Description
An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the virtual memory manager. The issue results from the faulty comparison of GVA and GPA while calling uc_mem_map_ptr to free part of a claimed memory block. An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine.
References to Advisories, Solutions, and Tools
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected]
Resourcehttps://gist.github.com/jwang-a/cb4b6e9551457aa299066076b836a2cdhttps://github.com/jwang-a/CTF/blob/master/MyChallenges/Pwn/Unicorns_Aisle/UnicornsAisle.pdfhttps://github.com/unicorn-engine/unicorn/commit/c733bbada356b0373fa8aa72c044574bb855fd24https://github.com/unicorn-engine/unicorn/compare/2.0.0-rc4...2.0.0-rc5https://www.unicorn-engine.org/changelog/
