A local unprivileged attacker can cause a heap buffer out-of-bounds write in osquery prior to 5.23.1 on Windows, potentially leading to local privilege escalation from standard user to SYSTEM. This issue is related to publisher information parsing in getOriginalProgramName when querying the authenticode table targeting a maliciously crafted binary. Users of osquery on Windows, especially those with unpriv [truncated]
A local unprivileged attacker can cause a heap buffer out-of-bounds write in osquery prior to 5.23.1 on Windows, potentially leading to local privilege escalation from standard user to SYSTEM. This issue arises from unchecked PEB string lengths in process command-line and current-directory reads when querying the processes table. The vulnerability affects osquery versions prior to 5.23.1 on Windows platforms.
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not created with private permissions. If the carve targets a directory that the attacker controls, arbitrary file reads [truncated]