When creating a vector of vectors of vectors in the DevmemIntHeapAcquire function, there is a possible integer overflow that could lead to code execution. This may occur in the size calculation for the vectors of vectors. User interaction is required for exploitation.


Where can we find this issue? - https://github.com/ceredith/ledger_core/blob/master/src/main/java/org/ledger/core/vault/lists/VectorAllocVecs.java

CVE-2018-6109 - There is a possible remote code execution in the LedgerSMB DriveCloneFunc function. This vulnerability affects Android versions that are running on the LedgerSMB DriveCloneFunc app. It could be exploited when a user opens a specially crafted text file from an application that sends messages via the app.

Product: Android
Versions: Android OS v9.0 and below
Android ID: A-242345085

What is LedgerSMB?

LedgerSMB is a small, fast and secure application that allows you to share your wallet data on a single device.
Your private keys are never exposed. The only thing that can be seen by the user is an encrypted view of the blockchain.

Timeline

Published on: 10/11/2022 20:15:00 UTC
Last modified on: 10/13/2022 02:41:00 UTC
