unicorn@2.0.0rc4 vulnerabilities

Unicorn CPU emulator engine

latest version

2.0.1.post1
latest non vulnerable version

2.0.1.post1
first published

7 years ago
latest version published

2 years ago
licenses detected
- BSD-2-Clause
  [0,)
View unicorn package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the unicorn package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Denial of Service (DoS) unicorn is an Unicorn CPU emulator engine Affected versions of this package are vulnerable to Denial of Service (DoS) due to a memory leak via the function `uc_close` at `/my/unicorn/uc.c`. How to fix Denial of Service (DoS)? Upgrade `unicorn` to version 2.0.0rc7 or higher.	[,2.0.0rc7)
H NULL Pointer Dereference unicorn is an Unicorn CPU emulator engine Affected versions of this package are vulnerable to NULL Pointer Dereference via qemu_ram_free. How to fix NULL Pointer Dereference? Upgrade `unicorn` to version 2.0.0rc7 or higher.	[,2.0.0rc7)
H Denial of Service (DoS) unicorn is an Unicorn CPU emulator engine Affected versions of this package are vulnerable to Denial of Service (DoS) due to memory leaks caused by an incomplete unicorn engine initialization. How to fix Denial of Service (DoS)? Upgrade `unicorn` to version 2.0.0rc7 or higher.	[,2.0.0rc7)
H Use After Free unicorn is an Unicorn CPU emulator engine Affected versions of this package are vulnerable to Use After Free via the hook function. How to fix Use After Free? Upgrade `unicorn` to version 2.0.0 or higher.	[0,2.0.0)
H Sandbox Bypass unicorn is an Unicorn CPU emulator engine Affected versions of this package are vulnerable to Sandbox Bypass in `split_region` in `uc.c`. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the virtual memory manager. The issue results from the faulty comparison of GVA and GPA while calling `uc_mem_map_ptr()` to free up a part of a claimed memory block. An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine. How to fix Sandbox Bypass? Upgrade `unicorn` to version 2.0.0rc5 or higher.	[,2.0.0rc5)

Go back to all versions of this package

unicorn@2.0.0rc4 vulnerabilities

Unicorn CPU emulator engine

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities