CVE-2022-35059 An overflow was discovered in OTFCC commit 617837b that was used in an exploit.

The issue was addressed by not allowing the dumping of heap data. In addition, OTFCC commit d54cb8e was discovered to contain a stack buffer overflow via /release-x64/otfccdump+0x6c019a.

The issue was addressed by updating OTFCC to be compatible with the latest stable release. In addition, a race condition was discovered in the input validation of OTFCC commit a3d7d2a. An attacker could exploit this to cause OTFCC to crash the application.

CVE References Severity Updated Acknowledgements 2018-10-01 4.3 High OTFCC PR-2018-1685

Summary

The issue was addressed by updating OTFCC to be compatible with the latest stable release. In addition, a race condition was discovered in the input validation of OTFCC commit a3d7d2a. An attacker could exploit this to cause OTFCC to crash the application.

CVE-2021-35058

The issue was addressed by updating OTFCC to be compatible with the latest stable release. In addition, a race condition was discovered in the input validation of OTFCC commit a3d7d2a. An attacker could exploit this to cause OTFCC to crash the application.

CVE References Severity Updated Acknowledgements 2018-10-01 4.3 High OTFCC PR-2018-1685

Timeline

Published on: 10/14/2022 12:15:00 UTC
Last modified on: 10/15/2022 02:14:00 UTC

References

• https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35059.md
• https://drive.google.com/file/d/1W9KM7OGlkMu1_7Y1mT_-eEbQJlRDfAJO/view?usp=sharing
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35059