#buffer_overflow

Gentoo Linux Security Advisory 202407-16 - A vulnerability has been discovered in Coreutils, which can lead to a heap buffer overflow and possibly arbitrary code execution. Versions greater than or equal to 9.4-r1 are affected.

308 different models of Sharp Multi-Function Printers (MFP) are vulnerable to 18 different vulnerabilities including remote code execution, local file inclusion, credential disclosure, and more.

Ubuntu Security Notice 6855-1 - Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when parsing an ISO file, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

Gentoo Linux Security Advisory 202407-4 - A vulnerability has been discovered in Pixman, which can lead to a heap buffer overflow. Versions greater than or equal to 0.42.2 are affected.

Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to code bases anytime soon.

Affected devices could include wireless access points, routers, switches and VPNs.

Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target codebase," Google Project Zero researchers Sergei Glazunov and Mark Brand said. "The agent is provided

The old, but newly disclosed, vulnerability is buried deep inside personal computers, servers, and mobile devices, and their supply chains, making remediation a headache.

CVE-2024-27815 is a buffer overflow in the XNU kernel that was reported in sbconcat_mbufs. It was publicly fixed in xnu-10063.121.3, released with macOS 14.5, iOS 17.5, and visionOS 1.2. This bug was introduced in xnu-10002.1.13 (macOS 14.0/ iOS 17.0) and was fixed in xnu-10063.121.3 (macOS 14.5/ iOS 17.5). The bug affects kernels compiled with CONFIG_MBUF_MCACHE.

Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the "UEFIcanhazbufferoverflow" vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the Trusted Platform