#bufferoverflow

2025-04-26

@byorgey for some reason I feel like I have to add, the reason Python is better than C is that you don't have to know the definition of the word "pointer". There really isn't any other reason. Don't touch that! It uses pointers!

(ok, I don't mind not using curly braces)
(p.s. check out the etymology of "cat" in Linux)

#bufferOverflow

2025-04-22

A critical flaw in Active! Mail is exposing more than 11 million accounts—could your organization be next? Discover how a CVSS 9.8 vulnerability is shaking up Japanese cybersecurity and what you need to do now.

thedefendopsdiaries.com/unders

#activemailvulnerability
#cybersecurity
#cve202542599
#japanesecybersecurity
#bufferoverflow

V0lk3n :verified: (v0lk3n@infosec.exchange)
2025-02-12
2024-12-23

patching dillo like a dirty dirty snek programmer

Sami Lehtinen (sl@pleroma.envs.net)
2024-10-07
#Ubuntu #Linux #mtr report mode is still #broken causes #bufferoverflow
Start: 2024-10-07T09:46:22+0000
*** buffer overflow detected ***: terminated
*** buffer overflow detected ***: terminated
2024-09-06

Certain routers / WiFi devices can be taken over without authentication. See vulnerability CVE-2024-20017

A detailed description of the vulnerability and an exploit have been published. The flaw is in the MediaTek MT6890, MT7915, MT7916, MT7981, MT7986 chipsets (more precisely, in the software the vendor ships with them, and even more precisely in the Linux wappd daemon). A sample exploit was shown for the Netgear WAX206. In the patch notes, the vendor gives this information: In...

#WBiegu #BufferOverflow #Exploit #Rce #Wifi

sekurak.pl/mozna-bez-uwierzyte

halil deniz (halildeniz)
2024-09-03

Hello everyone.

In today's article, we examine buffer overflow in detail.

I wish everyone a good read.

denizhalil.com/2024/09/03/buff

Marcel Waldvogel (marcel@waldvogel.family)
2024-07-19

My understanding of the #CrowdStrike root cause:

They pushed out a defective "Channel file" (some kind of config?) to #FalconSensor customers. This gets uploaded to CrowdStrike's Windows kernel module, which fails to perform correct bounds checking. The resulting #BufferOverflow results in a crash of the kernel module and thus the entire system. Correct?
#BSOD

Waseem (iamwaseem)
2024-07-19

So, there is a bug in all of the ARM CPUs now

Kevin Karhan :verified: (kkarhan@infosec.space)
2024-07-08

@Laberpferd @Natanox that is fundamentally a good thing, so that a compromised #WebApp or some badly programmed game à la #CubicNinja, and with it an exploit like #ninjHax, can't just trigger a #BufferOverflow and compromise a system that way.

2024-06-23

A recent discovery by Eclypsium's automated system, Automata, revealed a significant vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware used across various Intel Core processors. This flaw, with a CVSS score of 7.5, could lead to a buffer overflow and potentially allow attackers to execute malicious code. Initially found in Lenovo ThinkPad models, it affects multiple versions of Phoenix firmware on Intel processors, including AlderLake, CoffeeLake, and others. This widespread issue underscores the importance of UEFI firmware in device security and highlights the risks posed by vulnerabilities in the firmware supply chain. Phoenix Technologies addressed the vulnerability on May 14, 2024, but given the complexity of the supply chain, many devices may still be at risk. Users are advised to check for firmware updates from their device manufacturer.

eclypsium.com/blog/ueficanhazb

#cybersecurity #uefi #vulnerability #firmware #cve #intelcore #bufferoverflow #lenovo #thinkpad #alderlake #coffeelake #updates #eclypsium

2024-06-12

#nyancat if you know, you know

#bufferoverflow in my memory cell.
Attacked by European train WiFi

David Cantrell 🏏 (DrHyde@fosstodon.org)
2024-05-23

Just realised that the code I wrote which contains a #BufferOverflow if you compile it for a 256 bit CPU is also not #ThreadSafe. Truly I am an awful person.

🛡 H3lium@infosec.exchange/:~# :blinking_cursor: (H3liumb0y@infosec.exchange)
2024-04-24

Buffer Overflow in GNU C Library Affects Older Versions

Date: April 17, 2024

CVE: CVE-2024-2961

Vulnerability Type: Out-of-bounds Write

CWE: CWE-787

Sources: SecurityVulnerability.io, NVD Mitigation blog

Issue Summary

A critical buffer overflow vulnerability has been identified in the GNU C Library's iconv function when converting charsets to certain Chinese Extended encodings. This flaw occurs when converting strings to the ISO-2022-CN-EXT character set in versions prior to 2.40, potentially leading to application crashes or memory corruption.

Technical Key Findings

The vulnerability stems from improper boundary checks during character set conversion, allowing up to 4 bytes of overflow. This could enable attackers to execute arbitrary code or disrupt program operation by manipulating memory locations adjacent to the buffer.

Vulnerable Products

All versions of GNU C Library older than 2.40 are susceptible. (That's potentially 24 years of a buffer overflow presence in the glibc!)

Impact Assessment

The vulnerability poses a high risk, potentially affecting the confidentiality, integrity, and availability of systems utilizing the affected library versions. There is no evidence of active exploitation yet, but the severity of potential impacts warrants prompt attention.

Patches or Workaround

The GNU C Library has released patches for this vulnerability. Users are advised to update to version 2.40 or later. If you are unable to (or it's not available on your OS yet), you can mitigate this issue by disabling the affected charsets in gconv.

Check if you are vulnerable

// The first line of the linker version info should include the version of glibc (either as GLIBC or GNU libc).

ldd --version

// Check if the vulnerable encodings are enabled in iconv:

iconv -l | grep -E 'CN-?EXT'

If they are, you will see an output like:

ISO-2022-CN-EXT//
ISO2022CNEXT//

Tags

#GNUCLibrary #CVE-2024-2961 #BufferOverflow #SecurityPatch #ISO2022CNEXT #CVE20242961 #iconv #iconvglibc
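Scripting the two checks this post lists, as an added example that is not part of the original post: it parses `ldd --version` and `iconv -l` output (constructed samples are embedded so it runs offline), compares the glibc version against 2.40, and prints a verdict; the function names are my own.

```shell
# Added example, not from the original post: scripts the two checks listed above
# for CVE-2024-2961 and turns them into one verdict. Samples are constructed.

# True (exit 0) if a glibc version string such as "2.39" is older than 2.40.
glibc_older_than_2_40() {
    major=${1%%.*}
    if [ "$1" = "$major" ]; then minor=0; else rest=${1#*.}; minor=${rest%%.*}; fi
    case "$major" in ''|*[!0-9]*) return 2 ;; esac   # not a version string
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 40 ]; }
}

# Version from `ldd --version` output: last field of the first line,
# e.g. "ldd (GNU libc) 2.39" -> "2.39".
glibc_version_from_ldd() {
    first=$(printf '%s\n' "$1" | head -n 1)
    printf '%s\n' "${first##* }"
}

# True if the `iconv -l` listing in $1 names an ISO-2022-CN-EXT alias.
cnext_enabled() {
    printf '%s\n' "$1" | grep -Eq 'CN-?EXT'
}

# Exit 0 when both preconditions hold. Caveat: distributions backport fixes
# without bumping the version, so "likely affected" still needs the distro advisory.
assess() {
    if glibc_older_than_2_40 "$1" && cnext_enabled "$2"; then
        echo "glibc $1 with ISO-2022-CN-EXT enabled: likely affected by CVE-2024-2961"
        return 0
    fi
    echo "glibc $1: CVE-2024-2961 preconditions not met"
    return 1
}

# Constructed sample outputs standing in for a real host.
SAMPLE_LDD='ldd (GNU libc) 2.39
Copyright (C) 2024 Free Software Foundation, Inc.'
SAMPLE_ICONV_WITH='ISO-2022-CN//
ISO-2022-CN-EXT//
ISO2022CNEXT//'
SAMPLE_ICONV_WITHOUT='ISO-2022-CN//
UTF-8//'
if [ "${1:-}" = "--live" ]; then   # run the real commands on this machine
    assess "$(glibc_version_from_ldd "$(ldd --version 2>/dev/null)")" "$(iconv -l 2>/dev/null)"
else
    assess "$(glibc_version_from_ldd "$SAMPLE_LDD")" "$SAMPLE_ICONV_WITH"
    assess "$(glibc_version_from_ldd "$SAMPLE_LDD")" "$SAMPLE_ICONV_WITHOUT"
fi
```

Run it with `--live` to check the current machine instead of the embedded samples.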

Efertone :v_trans: :verifiedpansexual: (efertone@tech.lgbt)
2024-04-24

Hah, interesting. So we have a glibc <=2.39 exploit that can be utilised against php applications (Apache, PHP-FPM) to escalate privileges. Very interesting.

Sadly we don't get more info until Charles Fol's OffensiveCon talk. I'm looking forward to it.

I really want to know and understand how a 24-year-old buffer overflow bug in iconv surfaced now and how the buffer overflow (through 4 bytes of the ISO-2022-CN-EXT set) can be exploited to even get privilege escalation. Fascinating.

openwall.com/lists/oss-securit

#security #BufferOverflow #php #iconvglibc

🛡 H3lium@infosec.exchange/:~# :blinking_cursor: (H3liumb0y@infosec.exchange)
2024-04-03

Heap Buffer Overflow in UPX Identified

Date: March 26, 2024
CVE: To be assigned
Vulnerability Type: Buffer Errors
CWE: CWE-122
Sources: NIST VULNDB VULNDB Submit

Issue Summary

A heap buffer overflow vulnerability was identified in the Ultimate Packer for eXecutables (UPX), specifically in the commit 06b0de9c77551cd4e856d453e094d8a0b6ef0d6d. This issue occurs during the handling of certain data structures, leading to potential memory corruption. The vulnerability was discovered through fuzzing techniques using the Google OSS-Fuzz project.

Technical Key findings

The vulnerability is caused by improper handling of input data, resulting in a heap buffer overflow. This overflow occurs in the handling of packed files during decompression, where the bounds of allocated heap memory are not properly checked.

Vulnerable products

  • UPX version identified by commit 06b0de9c77551cd4e856d453e094d8a0b6ef0d6d.

Impact assessment

An attacker could exploit this vulnerability to execute arbitrary code on the target system or cause a denial of service through application crash, potentially compromising the system's integrity and availability.

Patches or workaround

No specific patches or workarounds were mentioned at the time of reporting. Users are advised to monitor the official UPX GitHub repository for updates.

Tags

#UPX #BufferOverflow #HeapOverflow #SecurityVulnerability #CVE

Astra Kernel :verified: (AstraKernel@infosec.exchange)
2024-02-19

✨Stack Overflow vulnerability in TOTOLINK LR1200GB allows remote unauthenticated attackers to bypass authentication

ssd-disclosure.com/ssd-advisor

#infosec #programming #stackoverflow #cpp #bufferoverflow

[Image: illustration of a stack overflow, the stack filled with the payload A's] [Image: vulnerable code snippet]
