
JSC JIT Out-Of-Bounds Access

Posted on 03 June 2020

The DFG and FTL JIT compilers in JavaScriptCore incorrectly treat Checked and Unchecked ArithNegate operations as interchangeable during Common Subexpression Elimination, replacing one with the other (and vice versa). The two operations are not equivalent: a checked negate bails out of the compiled code when the result does not fit an int32, while an unchecked negate silently wraps. A program can therefore end up running with a value the compiler assumed had been range-checked, which can be exploited to cause out-of-bounds accesses and potentially other memory safety violations.
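The following is an added model of the two negate semantics, written for this page; it is not JavaScriptCore code and does not reproduce the bug. It illustrates the property that makes the CSE substitution unsafe: the checked and unchecked forms agree on every int32 input except the one where int32 negation overflows. The function names `checkedNegate`, `uncheckedNegate` and `divergingInputs` are this example's own, and the model covers only the overflow check (the negative-zero check that some checked negates also perform is left out).

```javascript
// Model of DFG/FTL ArithNegate semantics (added example, not JSC code).
const INT32_MIN = -2147483648;
const INT32_MAX = 2147483647;

// Unchecked ArithNegate: int32 two's-complement wraparound, never bails out.
// -INT32_MIN does not fit an int32, so it wraps back to INT32_MIN.
function uncheckedNegate(x) {
  return (-x) | 0;
}

// Checked ArithNegate (overflow check only): the compiled code may proceed
// only if the result is still an int32; otherwise it exits to the interpreter.
// The bailout is modelled here as returning null.
function checkedNegate(x) {
  const r = -x;
  if (r > INT32_MAX || r < INT32_MIN) return null;
  return r;
}

// CSE may merge two nodes only if they compute the same value on every input.
// This returns the inputs on which the two negates disagree, i.e. the inputs
// on which replacing one with the other changes what the program observes.
function divergingInputs(candidates) {
  return candidates.filter(x => checkedNegate(x) !== uncheckedNegate(x));
}

// Constructed sample of int32 boundary values.
const sample = [INT32_MIN, INT32_MIN + 1, -1, 0, 1, INT32_MAX];
console.log(divergingInputs(sample)); // only INT32_MIN survives the filter
```

Substituting the unchecked node for the checked one removes the only bailout that would have caught `INT32_MIN`; substituting the checked node for the unchecked one introduces a bailout the original program never had. Either direction breaks the assumption that CSE preserves semantics, which is why a later bounds check or type speculation can be reasoning about a value the program never actually holds.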
