Safety CI > MobSF/Mobile-Security-Framework-MobSF

pyup-scheduled-update-2023-08-21

2 years, 7 months ago

705fe657

Update quark-engine from 23.5.1 to 23.7.1

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

master

2 years, 7 months ago

c2993d19

[HOTFIX][EFR09] AAR/JAR obfuscation and debug check + Exception Handed strings and symbols extractio

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

EFR09

2 years, 7 months ago

184708e4

Exception handling symbols and strings from so/dylib

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

EFR09

2 years, 7 months ago

8c772f5a

AAR/JAR obfuscation and debug check

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

master

2 years, 8 months ago

d681353a

Fix missing exported components (#2176) Components which are exported and have no permission were n

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

master

2 years, 8 months ago

e08524fe

[HOTFIX][EFR-08] Dylib + Symbols + Other Features (#2239) * Dylib analysis support + PDF for iOS Bi

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

EFR08

2 years, 8 months ago

78f4bc8e

resolve cyclical import

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

EFR08

2 years, 8 months ago

69f72908

save_get_ctx refactor

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

EFR08

2 years, 8 months ago

9fb3e985

Sonar python version support

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

EFR08

2 years, 8 months ago

97738f17

Independent dylib scan, symbol support for dylib & so, so trackers

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

EFR08

2 years, 8 months ago

88c5bea1

QA

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

EFR08

2 years, 8 months ago

666c3b89

Dylib analysis support

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

master

2 years, 8 months ago

b1be6f54

HOTFIX: fix IPA download support

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

master

2 years, 8 months ago

2b7156c7

Update macho_analysis.py - SYMBOLS STRIPPED False Negative (#2234) * Update macho_analysis.py PR

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

master

2 years, 8 months ago

19e09631

HOTFIX: Improve code string extraction

lief 0.13.2 has known security vulnerabilities.

Package	Installed	Affected	Info
lief	0.13.2	<0.15.0	show Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.

Package

Installed

Affected

Info

lief

0.13.2

<0.15.0

show

Affected versions of the lief package are vulnerable to Information Disclosure due to the use of an uninitialized variable in the machd_reader.c component’s name parameter. The machd_reader.c component accepts the name parameter without proper initialization, allowing leakage of potentially sensitive memory contents. A local attacker can exploit this by invoking the machd_reader functionality with a crafted name parameter, causing the LIEF package to disclose unintended information from process memory.