Collaborate Disseminate
I am trying to analyze CVE-2023-34453. As per the NVD description, there is an integer overflow error in snappy-java, specifically in the method shuffle(int[] input) in BitShuffle.java.
In a huge codeline this CVE was detected, and I want … Continue reading If a library has a vulnerable function, but my code doesn’t call it, is my code at risk? Do I need to update?
In circom, Num2bits() from circomlib is primarily intended for converting an Integer into an array of bits.
But because of it’s optional parameter, it can be used to prevent overflows such as :
inp = Num2bits(120);
inp.in = (3);
would che… Continue reading Can Num2bits be used to guard against underflows?
640Kbytes of RAM should be enough for anyone… Continue reading Never say never! Warren Buffett caught up in integer overflow error…
I am trying to stop integer overflow vulnerabilities by creating a simple wrapper around malloc(3) and related functions. The idea is that it returns a NULL pointer if the amount of required memory is too large for the size_t argument (or… Continue reading Is this malloc wrapper safe?
I’m preparing for an introductory information security examination in university and this is one of the examination questions on Secure Programming.
In such questions, I would usually catch for Buffer Overflow or Integer Ove… Continue reading Exploiting vulnerabilities in the C code
Four vulnerabilities could “SACK” connected devices with denial-of-service exploits. Continue reading Linux Kernel Bug Knocks PCs, IoT Gadgets and More Offline
I’m talking about the overflow flag that is used in some architectures like x86:
https://en.wikipedia.org/wiki/Overflow_flag
why aren’t operating systems using this overflow flag to stop integer overflows?
what is the usag… Continue reading If x86 architecture has overflow flag in the CPU, then why can’t we use it to detect integer overflows in C binaries?
Users of the open-source project should upgrade immediately. Continue reading Critical DoS Bug Bubbles Up in Facebook Fizz TLS 1.3 Project
Hackers using a specially crafted XLS files can trigger several remote code execution vulnerabilities in the LibXL library. Continue reading Multiple Vulnerabilities in LibXL Library Open Door to RCE Attacks
Libarchive was patched against three memory-related vulnerabilities, putting pressure on admins to ensure third-party software that also uses the library is patched. Continue reading Patched libarchive Vulnerabilities Have Big Reach