Unicorn Engine 1.0.2 Release Candidate 2

CPE Details

Unicorn Engine 1.0.2 Release Candidate 2
unicorn-engine
unicorn_engine
1.0.2
2022-10-31
16h42 +00:00
2022-10-31
16h45 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:unicorn-engine:unicorn_engine:1.0.2:rc2:*:*:*:*:*:*

Informations

Vendor

unicorn-engine

Product

unicorn_engine

Version

1.0.2

Update

rc2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-29694 2022-05-27 17h07 +00:00 Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.
7.5
High
CVE-2022-29695 2022-05-27 17h07 +00:00 Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization.
7.5
High
CVE-2022-29693 2022-05-27 17h07 +00:00 Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.
7.5
High
CVE-2021-44078 2021-12-26 03h28 +00:00 An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the virtual memory manager. The issue results from the faulty comparison of GVA and GPA while calling uc_mem_map_ptr to free part of a claimed memory block. An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine.
8.1
High
CVE-2021-36979 2021-07-20 04h48 +00:00 Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb).
5.5
Medium
CVE-2020-36431 2021-07-20 04h46 +00:00 Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.