Category Archives: Bugs

Analysis of CVE-2013-0809

This post is about the analysis of CVE-2013-0809, a java security bug I’ve found. As it is common for java bugs, the most relevant information can be found in RedHat’s CVE database and in RedHat’s bugzilla. In this case it … Continue reading

Posted in Bugs, Security | Tagged , , , , , | 4 Comments

Analysis of CVE-2012-0711 (IBM DB2 Integer Signedness Error)

It this post I’m going to analyse the details of CVE-2012-0711 (IBM’s security bulettin), an integer signedness bug, I’ve found in IBM DB2 Express-C a while ago. The description of the bug: “Integer signedness error in the db2dasrrm process in … Continue reading

Posted in Bugs, Security | Tagged , , , , , | Leave a comment

Analysis of CVE-2011-3545 (ZDI-11-307)

I’ve decided to share the details of the first 0-day I’ve found. There are a lot of Java vulnerabilities nowadays, mainly originating from bytecode verifier bugs or desing flaws in the JDK, which can be exploited usign pure java code … Continue reading

Posted in Bugs, Security | Tagged , , , , | 7 Comments

Debugging Java VM’s JITed code

Recently I’ve run into some misterious Java VM crashes. After narrowing down the crashing code, I’ve ended up with this POC: It must be run with -XX:CompileThreshold=100 VM option, to enable the JIT compiler to do it’s work “early”. With … Continue reading

Posted in Bugs | Tagged , , , , , , | 2 Comments