| Issue 58: | Browser Plugin SRPC Type Confusion Memory Corruption Attack | |
| 3 people starred this issue and may be notified of changes. | Back to list |
Sign in to add a comment
|
Team: Beached As The "src" parameter of NaCl objects is processed as a string when the property is set, however no validation is done to ensure that a string is actually used to set this property. By setting this value to an integer instead, a type confusion attack occurs and the integer value is used as a pointer internally, and can lead to memory corruption etc.
|
||||||||||||
,
Mar 12, 2009
Verified as an issue.
Status: Accepted
Owner: s...@google.com Labels: Type-Defect |
|||||||||||||
,
Apr 10, 2009
Fix was released in build 57.
Status: Fixed
|
|||||||||||||
 Sign in to add a comment
|
|||||||||||||
