Related vulnerability
Description
PoC CVE-2023-28205: Apple WebKit Use-After-Free Vulnerability
Introduction
# CVE-2023-28205: Apple WebKit Use-After-Free Vulnerability
This vulnerability can be exploited through maliciously crafted web content, allowing attackers to execute arbitrary code.
## Description
The code triggers a use-after-free (UAF) vulnerability by delaying the addition of `Map` and `Date` objects, which allows the garbage collector (GC) to free them. This can potentially lead to accessing freed objects, causing memory corruption or enabling exploits.
## References
- [WebKit Commit c9880de4a28b9a64a5e1d0513dc245d61a2e6ddb](https://github.com/WebKit/WebKit/commit/c9880de4a28b9a64a5e1d0513dc245d61a2e6ddb)
CVE-2023-28205: Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab
Thanks to abc for the proof of concept example.
File snapshot
[4.0K] /data/pocs/536a11e3f9252d7e2c227ad3ceeddfcb951ca37d
├── [ 524] index.html
├── [1.0K] LICENSE
├── [4.0K] module
│ ├── [5.9K] chain.mjs
│ ├── [ 773] constants.mjs
│ ├── [5.5K] int64.mjs
│ ├── [5.6K] mem.mjs
│ ├── [8.4K] memtools.mjs
│ ├── [1.1K] offset.mjs
│ ├── [2.9K] rw.mjs
│ └── [2.1K] utils.mjs
├── [1.7K] poc.js
├── [ 808] README.md
└── [ 223] server.py
1 directory, 13 files