CVE-2019-11932 PoC — Facebook WhatsApp 资源管理错误漏洞

Source

https://github.com/k3vinlusec/WhatsApp-Double-Free-Vulnerability_CVE-2019-11932

Associated Vulnerability

Title:Facebook WhatsApp 资源管理错误漏洞 (CVE-2019-11932)
Description:Facebook WhatsApp是美国Facebook公司的一套利用网络传送短信的移动应用程序。该应用程序通过智能手机中的联络人信息，查找使用该软件的联络人传送文字、图片等。基于Android平台的Facebook WhatsApp 2.19.244之前版本中的libpl_droidsonroids_gif 1.2.18之前版本的decoding.c文件的DDGifSlurp函数存在资源管理错误漏洞。远程攻击者可利用该漏洞执行任意代码或造成拒绝服务。

Description

Exploit Analysis of The WhatsApp Double-Free Vulnerability (CVE-2019-11932) Using the GEF-GDB Debugger

Readme

# WhatsApp-Double-Free-Vulnerability_CVE-2019-11932
Exploit Analysis of The WhatsApp Double-Free Vulnerability (CVE-2019-11932) Using the GEF-GDB Debugger

This vulnerability was found by researcher Awakened, who published an exploit PoC of this bug. In this blog, I will demonstrate how this exploit works by dynamically debugging it with GEF-GDB, showing how to use its double-free bug to execute arbitrary code.

File Snapshot


 [4.0K]  /data/pocs/2a9ea23060bea3016ae39f0087b6574b919f463b
├── [1.3M]  Exploit Analysis of The WhatsApp Double-Free Vulnerability (CVE-2019-11932) Using the GEF-GDB Debugger .pdf
└── [ 416]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!