Unicorn-Engine Unicorn Engine vulnerabilities

CVE-2022-29693 [HIGH] CWE-401 CVE-2022-29693: Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_clos Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.

CVE-2022-29694 [HIGH] CWE-476 CVE-2022-29694: Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ra Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.

CVE-2022-29695 [HIGH] CWE-665 CVE-2022-29695: Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initializatio Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization.

CVE-2022-29692 [HIGH] CWE-416 CVE-2022-29692: Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function.

CVE-2021-44078 [HIGH] CWE-697 CVE-2021-44078: An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the virtual memory manager. The issue results from the faulty

CVE-2021-36979 [MEDIUM] CWE-787 CVE-2021-36979: Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb an Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb).

CVE-2020-36431 [MEDIUM] CWE-787 CVE-2020-36431: Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm. Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm.