
CVE-2021-38001: A Brief Introduction to V8 Inline Cache and Exploiting Type Confusion
Some Background Info CVE-2021-38001 was reported at TianFu Cup 2021. This bug exploits a type confusion issue that happens in V8’s inline cache and can result in remote code execution. In my last V8 pwn blog, I analyzed and reproduced CVE-2020-6507. Its root cause is an OOB read/write issue that happens in V8’s JIT phase. But to…
From RPC To RCE: VMWare Log Insight CVE-2022-31704
Preparations Recently I noticed the Horizon3 team’s blog on VMWare Log Insight’s IOCs and technical analysis and decided to take a look at this bug myself. I registered for a trial version of Log Insight on VMWare’s website and downloaded OVA images for both 8.10.2 (patched version) and 8.10.0 (vulnerable version). After basic setup…