关联漏洞
介绍
# CVE-2024-9954
## Overview
A use-after-free vulnerability in the AI component of Google Chrome versions prior to 130.0.6723.58.
Allows a remote attacker to exploit heap corruption through a crafted HTML page.
## Vulnerability Details
- **ID**: CVE-2024-9954
- **Severity**: High
- **Tags**: cve, cve2024, http, js, go, cve-2024-9953
## Exploit Desctiption
Exploit builds up a vulnerable HTTP2 Node.js server (server-nossl.js) based on CVE-2024-9954.

Notes:
- ```client.js``` is a small client script to test the HTTP2 server.
- ```exploit/``` contains the exploit code for the vulnerability.
- ```server-nossl.js``` is vulnerable to the continuation flood attack.
## Requirement
Go, JavaScript, Dockerfile
### Private Sell Exploit(Only 2 hands):
[Download](https://ur0.jp/zqCBf)
Use this exploit in a controlled environment only.
For inquiries, please contact zetraxz@thesecure.biz
文件快照
[4.0K] /data/pocs/c35ca9f63e32e6fbab4f707dccaff8eb04b0aa7d
└── [1002] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。