Race Condition Vulnerability in Libsafe by Openwall
CVE-2005-1125

Currently unrated

Key Information:

Vendor
Avaya
Status
Libsafe
Vendor
CVE Published:
2 May 2005

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A race condition exists in versions of Libsafe up to and including 2.0.16. This vulnerability can be exploited in multi-threaded applications, allowing attackers to circumvent the protection mechanisms provided by Libsafe. By exploiting this race condition, an attacker may be able to execute code that utilizes other vulnerabilities within a program before a critical safety check, the _libsafe_die function, is executed. This flaw poses a significant risk to applications relying on Libsafe for buffer overflow protection, potentially leading to unauthorized access or arbitrary code execution.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

libsafe-CVE-2005-1125
Created by tagatac

References

http://www.securityfocus.com/archive/1/395999
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/13190
vdb-entryx_refsource_BID
http://www.overflow.pl/adv/libsafebypass.txt
x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.