#buffer_overflow

Ubuntu Security Notice 6855-1 - Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when parsing an ISO file, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

Gentoo Linux Security Advisory 202407-4 - A vulnerability has been discovered in Pixman, which can lead to a heap buffer overflow. Versions greater than or equal to 0.42.2 are affected.

Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to code bases anytime soon.

Affected devices could include wireless access points, routers, switches and VPNs.

Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target codebase," Google Project Zero researchers Sergei Glazunov and Mark Brand said. "The agent is provided

The old, but newly disclosed, vulnerability is buried deep inside personal computers, servers, and mobile devices, and their supply chains, making remediation a headache.

CVE-2024-27815 is a buffer overflow in the XNU kernel that was reported in sbconcat_mbufs. It was publicly fixed in xnu-10063.121.3, released with macOS 14.5, iOS 17.5, and visionOS 1.2. This bug was introduced in xnu-10002.1.13 (macOS 14.0/ iOS 17.0) and was fixed in xnu-10063.121.3 (macOS 14.5/ iOS 17.5). The bug affects kernels compiled with CONFIG_MBUF_MCACHE.

Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the "UEFIcanhazbufferoverflow" vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the Trusted Platform

Ubuntu Security Notice 6842-1 - It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. It was discovered that gdb incorrectly handled memory leading to a heap based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

Debian Linux Security Advisory 5713-1 - A buffer overflow was discovered in libndp, a library implementing the IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of service or potentially the execution of arbitrary code if malformed IPv6 router advertisements are processed.