Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.

**Cross-site Scripting (XSS) in froxlor/froxlor**

Moderate severity GitHub Reviewed Published Oct 13, 2023 to the GitHub Advisory Database • Updated Oct 13, 2023

GHSA-j5hq-6frc-64v3: Cross-site Scripting (XSS) in froxlor/froxlor

Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.








%PDF-1.7 %���� 193 0 obj <> endobj 217 0 obj <>/Encrypt 194 0 R/Filter/FlateDecode/ID\[<45ABE724E55DAD4D846015193B9C4179><27416F8FC7DC2B469F6B2BB55C31DF91>\]/Index\[193 40\]/Info 192 0 R/Length 113/Prev 172988/Root 195 0 R/Size 233/Type/XRef/W\[1 3 1\]>>stream h�bbd\`\`\`b\`\`f�L�A$C�d����\`v8X�;Xe:�d߁ Yg�H�,����k��)�D���a<�lf��f���j���Z���� ����j�����n endstream endobj startxref 0 %%EOF 232 0 obj <>stream w���\_�ى�\\�"�n��mH�0�",J�mLN�M�F� =.�$���(��dZ�M�\`�b�TKDJ�d�Xo�|�-Y�?sP<�� ��}�Ck�ٌ��Y�:�� �(��/mR�$h\[EG��x�T�݃\[��=\\;\_���b4��Oia7�K��# endstream endobj 194 0 obj <>>>/Filter/Standard/Length 256/O(��FW�Z\\)5\\n�f�w �c�O��3���������w'\\nG:uO~�Ѱ)/OE(����Em��>��W��w6�����f�H�����)/P -1324/Perms(G�����G6���1t;��)/R 6/StmF/StdCF/StrF/StdCF/U(<���f�v��vv�J��Omj@��v�8�E����!>\$\$W�^O���)/UE(7S6S�4}IEYc���,�e�eF�Z�����)/V 5>> endobj 195 0 obj <>/Metadata 6 0 R/PageLayout/OneColumn/Pages 191 0 R/StructTreeRoot 11 0 R/Type/Catalog>> endobj 196 0 obj <>/ProcSet\[/PDF/Text\]>>/Rotate 0/StructParents 0/Tabs/S/Type/Page>> endobj 197 0 obj <>stream ����C嗼�S�zk�V�܋��8G�h#!��\\�B�g�v%M=Ј�O�\`� �\_b�ߍgnB������J���6Y1vj�e\\������\_:��8��Dc:�ϰ�hځ��:�=���p��&f�o��0| #9� �=��ល�W� A� /�����û���tI/b��I�lvv��j��)���c\*8�to}|\`�$��2ip�,����GuE��Tb�� �M�,�@�����|a�aP��~vʲ����L� �rPu�!\*GbO��IɃB��5�����r���\[��{�i^ J��� :��GΆ�\\k\_X�~�� ���8�\`�U��T.�\*o��;xQ#�&�d~��Z7�煱9�#=�����7δC�>S�N��+���\*E�����G���ֱ��p2ŊٖhʬEr��-|���Y�\[�h�Q��hl�Qcܝ�\*�S�ve �>�T�ԛ �IY�󍮰&��y����f�{F��P���@�� �w=� &9D�GPd0�Bv^���¬r�K�ᤦ�VR�7d�W�Y9jo��p�Ad(�\[ D�L�f;ʬ, ^$cs�d�%�xe<�C}U0�"�����^G�ɴ1�N^^����t^��"΂使ק����/��6�9�ՒQ>��C�AT�\\ �\\��f���%D�EVf6K�k����@�\`ڸ��8�t���c��'X�u�T��������}���U�wbd }�Pk^���4��\_���3!3����JET?�kL>&DQe��;����MS�x.�l��&�����i�җ�؆�R���L�#��"���&��Ȉ{�$Z�/\[�<ص��8�$���ՓVs����ew\`(2�d�4l|��|�m�b"˼��Km ��� \`0� 6�d�Y��D,��qW�!kH��wt�˂��Kԝ\[�.װ���&I9�=���d�6\`����>��k���N ��O����zP �Z�86������ϵTڍ�f��~�'��H�w�d�#�y#x�#�e|���F�;,ױ��-E������u� endstream endobj 198 0 obj <>stream ���jTI�;-��F���}o/I�W ��\*�6|,l)�s26r�ځ"l�nK��l5�~��H��f@i%z@a��2y@7����;D��w\_6;�w�6�������m�"�\`�$�V��C!V@����^���d0�6���m���L���&�l��v�'��%kA5�S�p��Lo�e �HO8tT�'\_��IA�2�͢}e�6Id?u@�MX+pS��}�^A\`��O���ߵ=��{ٌ!3ܑ������\[S�&م�ц�����q endstream endobj 199 0 obj <>stream ��?��>X�g� ��\*�lrh�T�\[z\_�xBYLa�sg

CVE-2023-4562

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

*   Notifications
*   Fork 448

*   Code
*   Issues 42
*   Pull requests 5
*   Actions
*   Projects 3
*   Wiki
*   Security
*   Insights

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

enable markdown syntax in custom\_notes field

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

*   Loading branch information

d00p committed

Oct 2, 2023

1 parent a808a3f commit e8ed430

Showing **9 changed files** with **511 additions** and **39 deletions**.

*   composer.json
*   composer.lock
*   *   *   Markdown.php
    *   *   *   Customer.php
            *   Text.php
        *   *   FroxlorTwig.php
*   *   de.lng.php
    *   en.lng.php
*   *   index.html.twig

4 changes: 2 additions & 2 deletions composer.json

Expand Up

@@ -53,10 +53,10 @@

"froxlor/idna-convert-legacy": "^2.1",

"voku/anti-xss": "^4.1",

"twig/twig": "^3.3",

"erusev/parsedown": "^1.7",

"symfony/console": "^5.4",

"pear/net\_dns2": "^1.5",

"amnuts/opcache-gui": "^3.4"

"amnuts/opcache-gui": "^3.4",

"league/commonmark": "^2.4"

},

"require-dev": {

"phpunit/phpunit": "^9",

Expand Down

**0 comments on commit e8ed430**

Please sign in to comment.

CVE-2023-5564: enable markdown syntax in custom_notes field · Froxlor/Froxlor@e8ed430

An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-41263: advisories/ATREDIS-2023-0001.md at master · atredispartners/advisories

Finding the right post-quantum cryptographic (PQC) algorithms is necessary, but not sufficient, to future-proof cybersecurity.

The quantum threat to cybersecurity is easy enough to state. A quantum computer of sufficient size can efficiently factor integers and compute discrete logarithms by Shor's algorithm, breaking much of the public-key cryptography in use today, including Rivest–Shamir–Adleman (RSA) and elliptic curve cryptography (ECC). Vulnerable public-key cryptography permeates all layers of the stack, creating a pressing need for post-quantum cryptography (PQC) — public-key algorithms that can protect against quantum computing threats.

Security analysis of the National Institute for Standards and Technology (NIST) candidate algorithms for PQC standardization suggests the need for cryptographic agility, meaning the ability to easily change the underlying cryptographic algorithms or implementations. For example, in the third and fourth rounds of the NIST algorithm evaluation process, experts developed novel attacks against the GeMSS and Rainbow digital signature schemes and the KEM candidate SIKE, causing their elimination from consideration. And recent research demonstrated a side-channel attack on Crystals-Kyber — one of the four algorithms NIST selected for standardization.

In a few years' time, it is unlikely that PQC algorithms and implementations will look exactly as they do now. However, organizations cannot afford to wait to begin the migration to PQC. A breakthrough in quantum computing research could mean that a quantum computer with enough power to break current public-key cryptography gets deployed before organizations have fully inventoried and upgraded all instances of vulnerable cryptography in all internal and third-party applications. Cryptographic orchestration — the ability to centrally view and manage the use of cryptography throughout an enterprise — needs to be a near-term strategy to address security and compliance at scale.

**The Importance of Agility**

The typical deployment model for cryptography is highly decentralized and fragmented, with cryptography coupled directly to end applications and provided by a mix of platform- or language-specific libraries. This model, in turn, leads to reduced visibility and agility. As a result, it is no wonder that a recent memo from the NSA sets a target date of 2035 for the migration to PQC — over 10 years from now.

To balance the need to begin migration now with the realities of an immature ecosystem, organizations should pursue PQC solutions that are agile. Fundamentally, cryptographic agility for a library, protocol, or application means the ability to swap out the cryptographic algorithms or implementations in use with minimal disruption. A cryptographically agile system can rapidly respond to novel cryptanalysis or implementation bugs by easily swapping out or upgrading vulnerable cryptography. Cryptographic agility also allows systems to take advantage of new implementations that are faster or use less memory.

Cryptographic agility, however, should not be the end of the story. Just as with previous transitions — from DES to AES, MD5 to SHA-1, and SHA-1 to SHA-2 — cryptographic algorithms have a life cycle that includes improved iterations and occasionally a phase-out stage. To future-proof their security, organizations should look to develop or integrate solutions with cryptographic orchestration — a single system interface to track and manage the cryptography in use by applications and devices throughout the entire algorithm life cycle.

**Why Orchestration Matters**

The idea of cryptographic orchestration mirrors software-defined networking (SDN) in computer networking. Managing a traditional IP network is a time-intensive, error-prone process that involves manually configuring switches, routers, and middleboxes using vendor-specific tools or command-line interfaces.

The innovation of SDN is a layer of middleware that abstracts away the low-level details of the switches and routers responsible for forwarding packets and exposes an abstract interface at the network policy level. The middleware ensures that the low-level elements implement a given policy. With SDN, implementing dynamic routing policies at scale becomes a tractable problem.

Cryptographic orchestration applies a similar level of abstraction and automation on top of the low-level entities executing cryptographic protocols or algorithms to expose an interface for cryptographic policy. By working at the level of policy, orchestration can also ease the burden for organizations to meet current and future regulatory and compliance requirements at scale.

In the migration to PQC, consider that any compliance target, such as FIPS 140-2, that references vulnerable public-key cryptography will have to change with the quantum threat. Cryptographic orchestration makes such tasks much easier by providing visibility into which algorithms, key sizes, key rotation policies, or entropy sources any instance of cryptography is using, in addition to providing the means to easily swap out vulnerable or noncompliant instances. Orchestration will become even more important as the number of devices and applications in an organization increases due to computing trends such as "bring your own device" (BYOD) and the Internet of Things (IoT).

**PQC Lessons for Enterprise**

Overall, the migration to PQC brings a couple of key considerations for enterprise security to the forefront. First, the PQC standardization process is still ongoing. Experts continue to attack and probe the candidates, while submission teams look to patch deficiencies and optimize implementations in software and hardware. In the short term, the shifting PQC landscape requires cryptographic agility in libraries, protocols, and applications to securely navigate the migration away from vulnerable public-key algorithms.

Second, the PQC process more broadly reminds us that cryptographic algorithms have a life cycle. Classical public-key algorithms are nearing the end of their life cycle, whereas most of the PQC algorithms are still at the beginning. No one can foresee if a new classical or quantum attack will make a particular algorithm obsolete and require yet another migration — or if another technology as disruptive as quantum computing is on the horizon. Consequently, it is critical that we engineer systems that can adequately respond to new developments. Orchestrated and agile cryptography is a vision to achieve this lofty goal and empower organizations to meet security, regulatory, and compliance goals at scale.

Though the PQC migration represents a major challenge for organizations across government and industry, it also represents a fantastic opportunity to shift the enterprise cryptography paradigm toward one of agility and orchestration.

Making the Case for Cryptographic Agility and Orchestration

This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl  vulnerabilities in their environments.

Security teams don’t have to swing into crisis mode to address the recently fixed vulnerabilities in the command-line tool curl and the libcurl library, but that doesn't mean they don't have to worry about identifying and remediating impacted systems. If the systems are not immediately exploitable, security teams have some time to make those updates.

This Tech Tip aggregates guidance on what security teams need to do to ensure they aren't at risk.

A foundational networking tool for Unix and Linux systems, cURL is used in command lines and scripts to transfer data. Its prevalence is due to the fact that it is used as both a standalone utility (curl) as well as a library that is included in many different types of applications (libcurl). The libcurl library, which allows developers to access curl APIs from their own code, can be introduced directly into the code, used as a dependency, used as part of an operating system bundle, included as part of a Docker container, or installed on a Kubernetes cluster node.

**What Is CVE-2023-38545?**

The high severity vulnerability affects curl and libcurl versions 7.69.0 to 8.3.0, and the low severity vulnerability impacts libcurl versions 7.9.1 to 8.3.0. However, the vulnerabilities cannot be exploited under default conditions. An attacker trying to trigger the vulnerability would need to point curl at a malicious server under the attacker’s control, make sure curl is using a SOCKS5 proxy using proxy-resolver mode, configure curl to automatically follow redirects, and set the buffer size to a smaller size.

According to Yair Mizrahi, a senior security researcher at JFrog, the libcurl library is vulnerable only if the following environment variables are set: _CURLOPT\_PROXYTYPE_  set to type _CURLPROXY\_SOCKS5\_HOSTNAME_; or _CURLOPT\_PROXY_ or _CURLOPT\_PRE\_PROXY_  set to scheme _socks5h://_. The library is also vulnerable if one of the proxy environment variables is set to use the _socks5h://_ scheme. The command-line tool is vulnerable only if it is executed with the _\-socks5-hostname_ flag, or with _\--proxy_ (-x) or _\--preproxy_ set to use the scheme _socks5h://_. It is also vulnerable if curl is executed with the affected environment variables.

“The set of pre-conditions needed in order for a machine to be vulnerable (see previous section) is more restrictive than initially believed. Therefore, we believe the vast majority of curl users won’t be affected by this vulnerability,” Mizrahi wrote in the analysis.

**Scan the Environment for Vulnerable Systems**

The first thing organizations need to do is to scope their environments to identify all systems using curl and libcurl to assess whether those preconditions exist. Organizations should inventory their systems and evaluate their software delivery processes using software composition analysis tools for code, scanning containers, and application security posture management utilities, notes Alex Ilgayev, head of security research at Cycode. Even though the vulnerability does not affect every implementation of curl, it would be easier to identify the impacted systems if the team starts with a list of potential locations to look.

The following commands identify which versions of curl are installed:

_Linux/MacOS:_

_find / -name curl 2>/dev/null -exec echo "Found: {}" \\; -exec {} --version \\;_

_Windows:_

_Get-ChildItem -Path C:\\ -Recurse -ErrorAction SilentlyContinue -Filter curl.exe | ForEach-Object { Write-Host "Found: $($\_.FullName)"; & $\_.FullName --version }_

GitHub has a query to run in Defender for Endpoint to identify all devices in the environment that have curl installed or use curl. Qualys has published its rules for using its platform.

Organizations using Docker containers or other container technologies should also scan the images for vulnerable versions. A sizable number of rebuilds are expected, particularly in docker images and similar entities that incorporate liburl copies. Docker has pulled together a list of instructions on assessing all images.

_To find existing repositories:_

_docker scout repo enable --org <org-name> <org-name>/scout-demo_

_To analyze local container images:_

_docker scout policy \[IMAGE\] --org \[ORG\]_

This issue highlights the importance of keeping meticulous track of all open source software being used in an organization, according to Henrik Plate, a security researcher at Endor Labs.

“Knowing about all the uses of curl and libcurl is the prerequisite for assessing the actual risk and taking remediation actions, be it patching curl, restricting access to affected systems from untrusted networks, or implementing other countermeasures,” Plate said.

If the application comes with a software bill of materials, that would be a good place to start looking for instances of curl, adds John Gallagher, vice president of Viakoo Labs.

Just because the flaws are not exploitable doesn’t mean the updates are not necessary. Patches are available directly for curl and libcurl, and many of the operating systems (Debian, Ubuntu, Red Hat, etc.) have also pushed fixed versions. Keep an eye out for security updates from other applications, as libcurl is a library used by many operating systems and applications.

One workaround until the updates can be deployed is to force curl to use local hostname resolving when connecting to a SOCKS5 proxy, according to JFrog’s Mizrahi. This syntax uses the socks5 scheme and not socks5h: _curl -x socks5://someproxy.com_. In the library, replace the environment variable _CURLPROXY\_SOCKS5\_HOSTNAME_ with _CURLPROXY\_SOCKS5_.

According to Benjamin Marr, a security engineer at Intruder,  security teams should be monitoring curl flags for excessive large strings, as that would indicate the system had been compromised. The flags are _\--socks5-hostname_, or _\--proxy_ or _\--preproxy_ set to use the scheme _socks5h://_.

How to Scan Your Environment for Vulnerable Versions of Curl

**PRESS RELEASE**

**(Lehi, UT) Oct. 12, 2023 —** DigiCert, a leading global provider of digital trust, today announced its next generation Discovery, a set of key capabilities in DigiCert® Trust Lifecycle Manager that enable customers to build a centralized book of record of their cryptographic keys and certificates. This centralized view, when coupled with management and automated provisioning and renewal, improves cryptoagility, reducing the time and resources needed to update algorithms, rotate keys and certificates and remediate threats.

"The majority of organizations have not yet implemented a centralized crypto-management solution," said DigiCert Chief Product Officer Deepika Chauhan. "This is becoming critical now, as IT leaders consider how to transition their cryptographic algorithms and certificates to quantum-safe standards in order to protect their organizations against 'harvest now, decrypt later' strategies."

In a recent Gartner® report1, Senior Director Analyst Brian Lowans wrote, "All cryptographic technologies will need to evolve to cope with the future threat of quantum computing, which is increasing the need for innovative technologies such as crypto-agility, postquantum cryptography and quantum key distribution."

Trust Lifecycle Manager Discovery employs a broad set of methods for finding certificates within an organization, including integration with private CAs, such as AWS Private CA and Microsoft CA, integration with vulnerability management solutions such as Qualys and Tenable, integrations with web servers and load balancers, and port-based scanning. 

"The integration of Qualys Vulnerability Management, Discovery and Response (VMDR) and DigiCert products enables our customers to manage and automate the cryptographic assets that they discover in their vulnerability scans," said Pinkesh Shah, Chief Product Officer, Qualys. "This seamless integration enables companies to tightly couple their vulnerability management and cryptoagility strategies, improving their security posture and agility while reducing their cyber risk."

Learn more about Trust Lifecycle Manager Discovery here. 

1.  Gartner, Hype Cycle™ for Data Security, 2023, Brian Lowans, 14 July 2023

GARTNER and HYPE CYCLE are registered trademarks of Gartner, Inc. and/or its affiliates in the US and internationally and is used herein with permission. All rights reserved.

**About DigiCert, Inc.**  
DigiCert is a leading global provider of digital trust, enabling individuals and businesses to engage online with the confidence that their footprint in the digital world is secure. DigiCert® ONE, the platform for digital trust, provides organizations with centralized visibility and control over a broad range of public and private trust needs, securing websites, enterprise access and communication, software, identity, content and devices. DigiCert pairs its award-winning software with its industry leadership in standards, support and operations, and is the digital trust provider of choice for leading companies around the world. For more information, visit www.digicert.com or follow @digicert.

DigiCert Announces Comprehensive Discovery of Cryptographic Assets

**PRESS RELEASE**

**REDWOOD CITY, Calif., October 11, 2023 –** Appdome, the mobile one-stop shop for mobile app defense, today released new threat evaluation tools inside ThreatScope™ Mobile XDR to deliver enhanced monitoring, investigation and threat evaluation for mobile apps and brands globally. Among the new tools is Threat-Inspect™, a powerful new ability to investigate, drill down, share and report on defenses, attacks and threats in the production environment. 

Appdome's ThreatScope™ Mobile XDR gathers thousands of threat signals from mobile app security, hacking, fraud, malware, cheat, and bot attacks from inside deployed mobile apps, and translates that data into brand relevant views that cyber, fraud and business teams can use to evaluate and respond to mobile threats and attacks in real time. The new evaluation tools include: (1) Threat-Inspect, for deep threat inspection, (2) Threat-Views™, for creating savable monitoring perspectives by app, device, OS, attacks and other parameters, and (3) Threat-Snapshots for ease of reporting and collaboration. ThreatScope Mobile XDR is pre-integrated with Appdome’s Cyber Defense Automation platform for Android & iOS apps for instant response to any cyber or fraud attack. 

"Real-time attack data from the native mobile app channel is full of surprises," said Tom Tovar, co-creator and CEO of Appdome. "Our new evaluation tools, including Threat-Inspect, allow even faster and deeper investigation into cyber and fraud data from the mobile channel and empower mobile brands to view this data from a business context."

The new threat evaluation features in ThreatScope Mobile XDR provide mobile businesses and brands: 

**Threat-Inspect™** allows cyber teams to pivot between "All" and “Unique” attacks as well as between attacks and “Impacted Devices,” to see the number of unique devices experiencing each attack. This new capability allows cyber responses to be tailored to the specific threat(s) in the production environment while also easing the remediation burden for mobile users and brands globally. 

A unique feature of Threat-Inspect is that it also can be used in conjunction with Appdome’s recently released Build-to-Test automated testing capability. Build2Test allows Appdome-protected mobile apps to be used inside automated mobile app testing suites, logging all security events for the developer to track and monitor. These logged security events are now visualized inside Threat-Inspect.  

**Threat-Views™** allows security teams to zoom in and monitor specific aspects of the mobile app defense, attack and threat data shown on ThreatScope. Create and save any number of Threat-Views to monitor one or more mobile applications, OS, OS Version, attack vector, mobile app release, Fusion Set (defense model), geographic region or other parameter. Threat-Views enable persistent business level viewing and analysis, which is essential for demonstrating ROI and keeping the overall mobile business safe. 

**ThreatScope Snapshots™**allow cyber teams to export and share real-time mobile app defense and attack snapshots from ThreatScope, Threat-Views or Threat-Inspect data. Use ThreatScope Snapshots to keep cyber, fraud, and business teams informed on progress in stopping security, fraud, malware, and other attacks, demonstrate compliance, or collaborate with other teams internally. 

Powering these features are new levels of metadata now available in ThreatScope. These include enhanced attack, threat and fraud metadata including geo-location, unique identifiers for threats and impacted installations as well as new options such as IP address and more. This metadata allows mobile brands to click to see all the in-production mobile apps and installations impacted by each attack or threat. Simply click on a specific attack or threat and choose the impact view needed by each business line. IP address and unique device data can now also be downloaded for offline analysis. 

"These enhancements to ThreatScope really raise the bar on actionable, interactive risk and threat intelligence for mobile apps," said Eric Newcomer, CTO and Principal Analyst at Intellyx. "You can drill down on device data to see which devices are impacted, and explore different views by geo-location, threat ID, and IP address – all in real time. And you can now capture and export the data for internal distribution."

Appdome's Threat-Scope Mobile XDR is the only XDR solution offering consolidated, real-time, cyber security, fraud, malware, cheat and bot attack and threat intelligence from in-production Android & iOS apps. With ThreatScope Mobile XDR, mobile brands, developers, cyber and fraud teams can immediately respond with updated security models, build-by-build and release-by-release and prioritize protections that have a real impact on the mobile business and users. The entire ThreatScope Mobile XDR capability inside Android & iOS apps without any burden on mobile dev teams, including no code, no SDK and no servers to deploy and, most importantly, no separate agent installed on the mobile device. 

"Once you see the data in ThreatScope Mobile XDR, you can't live without it," said Chris Roeckl, Chief Product Officer at Appdome. "Combining real-time data with instant action is the only way to combat the huge diversity, sophistication and relentlessness hackers, attackers and fraudsters use to compromise mobile apps, brands, and users globally."

For more information about ThreatScope™ Mobile XDR visit: www.appdome.com 

**About Appdome**  

Appdome, the mobile app economy’s one-stop-shop for mobile app defense, is on a mission to protect every mobile app in the world and the people who use mobile apps in their lives and at work. Appdome provides the mobile industry’s only mobile application Cyber Defense Automation platform, powered by a patented artiﬁcial-intelligence based coding engine, Threat-Events™ Threat-Aware UX/UI Control and ThreatScope™ Mobile XDR. Using Appdome, mobile brands eliminate complexity, save money and deliver 300+ Certified Secure™ mobile app security, anti-malware, anti-fraud, MOBILEBot™ Defense, anti-cheat, MiTM attack prevention, code obfuscation and other protections in Android and iOS apps with ease, all inside the mobile DevOps and CI/CD pipeline. Leading ﬁnancial, healthcare, mobile games, government and m-commerce brands use Appdome to protect Android and iOS apps, mobile customers and mobile businesses globally. Appdome holds several patents including U.S. Patents 9,934,017 B2, 10,310,870 B2, 10,606,582 B2, 11,243,748 B2 and 11,294,663 B2. Additional patents pending.

Appdome Announces Attack Evaluation Tools in Digital Economy's Mobile XDR

A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

**tsMuxer****Vision**

This project is for tsMuxer - a transport stream muxer for remuxing/muxing elementary streams. This is very useful for transcoding and this project is used in other products such as Universal Media Server.

EVO/VOB/MPG, MKV/MKA, MP4/MOV, TS, M2TS to TS to M2TS.

Supported video codecs H.264/AVC, H.265/HEVC, H.266/VVC (Alpha release), VC-1, MPEG2. Supported audio codecs AAC, AC3 / E-AC3(DD+), DTS/ DTS-HD - please note TrueHD must have the AC3 core intact.

Some of the major features include:

*   Ability to set muxing fps manually and automatically
*   Ability to change level for H.264 streams
*   Ability to shift a sound tracks
*   Ability to extract DTS core from DTS-HD
*   Ability to join files
*   Output/Author to compliant Blu-ray Disc or AVCHD
*   Blu-ray 3D support

**Ethics**

This project operates under the W3C's Code of Ethics and Professional Conduct:

> W3C is a growing and global community where participants choose to work together, and in that process experience differences in language, location, nationality, and experience. In such a diverse environment, misunderstandings and disagreements happen, which in most cases can be resolved informally. In rare cases, however, behavior can intimidate, harass, or otherwise disrupt one or more people in the community, which W3C will not tolerate.
> 
> A Code of Ethics and Professional Conduct is useful to define accepted and acceptable behaviors and to promote high standards of professional practice. It also provides a benchmark for self evaluation and acts as a vehicle for better identity of the organization.

We hope that our community group act according to these guidelines, and that participants hold each other to these high standards. If you have any questions or are worried that the code isn't being followed, please contact the owner of the repository.

**Language**

tsMuxer is written in C++. It can be compiled for Windows, Linux and Mac.

**History**

This project was created by Roman Vasilenko, with the last public release 20th January 2014. It was open sourced on 23rd July 2019, to aid the future development.

**Installation**

Please see INSTALLATION.md for installation instructions.

**Usage**

Please see USAGE.md for usage instructions.

**Todo**

The following is a list of changes that will need to be made to the original source code and project in general:

*   the program doesn't support MPEG-4 ASP, even though MPEG-4 ASP is defined in the TS specification
*   no Opus audio support
*   several muxing bugs when muxing a HEVC/UHD stream - results in an out-of-sync stream
*   has issues with 24-bit DTS Express
*   issues with the 3D plane lists when there are mismatches between the MPLS and M2TS

**Contributing**

We’re really happy to accept contributions from the community, that’s the main reason why we open-sourced it! There are many ways to contribute, even if you’re not a technical person.

We’re using the infamous simplified Github workflow to accept modifications (even internally), basically you’ll have to:

*   create an issue related to the problem you want to fix (good for traceability and cross-reference)
*   fork the repository
*   create a branch (optionally with the reference to the issue in the name)
*   hack hack hack
*   commit incrementally with readable and detailed commit messages
*   submit a pull-request against the master branch of this repository

We’ll take care of tagging your issue with the appropriated labels and answer within a week (hopefully less!) to the problem you encounter.

If you’re not familiar with open-source workflows or our set of technologies, do not hesitate to ask for help! We can mentor you or propose good first bugs (as labeled in our issues). Also welcome to add your name to Credits section of this document.

All pull requests must pass code style checks which are executed with clang-format version 9. Therefore, it is advised to install an appropriate commit hook (for example this one) to your local repository in order to commit properly formatted code right away.

**Submitting Bugs**

You can report issues directly on Github, that would be a really useful contribution given that we lack some user testing on the project. Please document as much as possible the steps to reproduce your problem (even better with screenshots).

**Building**

For full details on building tsMuxer for your platform please see the document on COMPILING.

**Testing**

The very rough and incomplete testing document is available at TESTING.md.

**Financing**

We are not currently accepting any kind of donations and we do not have a bounty program.

**Sponsorships**

The project is part of the MacStadium Open Source Program to create native Apple Silicon executables for Mac OS.

**Versioning**

Version numbering follows the Semantic versioning approach.

**License**

We’re using the Apache 2.0 license for simplicity and flexibility. You are free to use it in your own project.

**Credits**

**Original Author** Roman Vasilenko (physic)

**Contributors**

*   Daniel Bryant (justdan96)
*   Daniel Kozar (xavery)
*   Jean Christophe De Ryck (jcdr428)
*   Stephen Hutchinson (qyot27)
*   Koka Abakum (abakum)
*   Alexey Shidlovsky (alexls74)
*   Lonely Crane (lonecrane)
*   Markus Feist (markusfeist)

For sake of brevity I am including anyone who has merged a pull request!

CVE-2023-45511: GitHub - justdan96/tsMuxer: tsMuxer is a transport stream muxer for remuxing/muxing elementary streams, EVO/VOB/MPG, MKV/MKA, MP4/MOV, TS, M2TS to TS to M2TS. Supported video codecs H.264/AVC, H.265/H

tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error.

**Description**

**We found a alloc-dealloc-mismatch (operator new \[\] vs operator delete) error when using tsMuxer/tsmuxer.**

**ASAN Log**

\=================================================================
==4087327==ERROR: AddressSanitizer: alloc-dealloc-mismatch (operator new \[\] vs operator delete) on 0x610000000040
    #0 0x5d946d in operator delete(void\*) (/afltest/tsMuxer/tsMuxer/tsmuxer+0x5d946d)
    #1 0x6e88a3 in MatroskaDemuxer::readClose() /afltest/tsMuxer/tsMuxer/matroskaDemuxer.cpp:1041:42
    #2 0x6fca23 in MatroskaDemuxer::~MatroskaDemuxer() /afltest/tsMuxer/tsMuxer/matroskaDemuxer.h:11:35
    #3 0x6fcc97 in MatroskaDemuxer::~MatroskaDemuxer() /afltest/tsMuxer/tsMuxer/matroskaDemuxer.h:11:33
    #4 0x73ed9e in METADemuxer::DetectStreamReader(BufferedReaderManager const&, std::\_\_cxx11::basic\_string<char, std::char\_traits<char>, std::allocator<char> > const&, bool) /afltest/tsMuxer/tsMuxer/metaDemuxer.cpp:669:9
    #5 0x6bb225 in detectStreamReader(char const\*, MPLSParser\*, bool) /afltest/tsMuxer/tsMuxer/main.cpp:114:34
    #6 0x6c76ef in main /afltest/tsMuxer/tsMuxer/main.cpp:689:17
    #7 0x7ffff798b082 in \_\_libc\_start\_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16
    #8 0x530d5d in \_start (/afltest/tsMuxer/tsMuxer/tsmuxer+0x530d5d)

0x610000000040 is located 0 bytes inside of 184-byte region \[0x610000000040,0x6100000000f8)
allocated by thread T0 here:
    #0 0x5d8d1d in operator new\[\](unsigned long) (/afltest/tsMuxer/tsMuxer/tsmuxer+0x5d8d1d)
    #1 0x6f3be7 in MatroskaDemuxer::matroska\_add\_stream() /afltest/tsMuxer/tsMuxer/matroskaDemuxer.cpp:1893:53
    #2 0x6ee754 in MatroskaDemuxer::matroska\_parse\_tracks() /afltest/tsMuxer/tsMuxer/matroskaDemuxer.cpp:1746:19
    #3 0x6e9989 in MatroskaDemuxer::matroska\_read\_header() /afltest/tsMuxer/tsMuxer/matroskaDemuxer.cpp:1228:19
    #4 0x6e7b5a in MatroskaDemuxer::openFile(std::\_\_cxx11::basic\_string<char, std::char\_traits<char>, std::allocator<char> > const&) /afltest/tsMuxer/tsMuxer/matroskaDemuxer.cpp:1027:5
    #5 0x73c0d9 in METADemuxer::DetectStreamReader(BufferedReaderManager const&, std::\_\_cxx11::basic\_string<char, std::char\_traits<char>, std::allocator<char> > const&, bool) /afltest/tsMuxer/tsMuxer/metaDemuxer.cpp:608:18
    #6 0x6bb225 in detectStreamReader(char const\*, MPLSParser\*, bool) /afltest/tsMuxer/tsMuxer/main.cpp:114:34
    #7 0x6c76ef in main /afltest/tsMuxer/tsMuxer/main.cpp:689:17
    #8 0x7ffff798b082 in \_\_libc\_start\_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: alloc-dealloc-mismatch (/afltest/tsMuxer/tsMuxer/tsmuxer+0x5d946d) in operator delete(void\*)
\==4087327\==HINT: if you don't care about these errors you may set ASAN\_OPTIONS=alloc\_dealloc\_mismatch=0
\==4087327==ABORTING

**Location**

0x610000000040 is located 0 bytes inside of 184-byte region \[0x610000000040,0x6100000000f8)  
allocated by thread T0 here:  
#0 0x5d8d1d in operator new\[\](unsigned long) (/afltest/tsMuxer/tsMuxer/tsmuxer+0x5d8d1d)  
#1 0x6f3be7 in MatroskaDemuxer::matroska\_add\_stream() /afltest/tsMuxer/tsMuxer/matroskaDemuxer.cpp:1893:53  
#2 0x6ee754 in MatroskaDemuxer::matroska\_parse\_tracks() /afltest/tsMuxer/tsMuxer/matroskaDemuxer.cpp:1746:19  
#3 0x6e9989 in MatroskaDemuxer::matroska\_read\_header() /afltest/tsMuxer/tsMuxer/matroskaDemuxer.cpp:1228:19  
#4 0x6e7b5a in MatroskaDemuxer::openFile(std::\_\_cxx11::basic\_string<char, std::char\_traits, std::allocator > const&) /afltest/tsMuxer/tsMuxer/matroskaDemuxer.cpp:1027:5  
#5 0x73c0d9 in METADemuxer::DetectStreamReader(BufferedReaderManager const&, std::\_\_cxx11::basic\_string<char, std::char\_traits, std::allocator > const&, bool) /afltest/tsMuxer/tsMuxer/metaDemuxer.cpp:608:18  
#6 0x6bb225 in detectStreamReader(char const\*, MPLSParser\*, bool) /afltest/tsMuxer/tsMuxer/main.cpp:114:34  
#7 0x6c76ef in main /afltest/tsMuxer/tsMuxer/main.cpp:689:17  
#8 0x7ffff798b082 in \_\_libc\_start\_main /build/glibc-BHL3KM/glibc-2.31/csu/../csu/libc-start.c:308:16

**Destructor of class MatroskaDemuxer：**

**Version**

./tsmuxer --version
tsMuxeR version git-2539d07. github.com/justdan96/tsMuxer

tsMuxeR version git-2539d07 is the latest version.

**Reference**

https://github.com/justdan96/tsMuxer

****Actual Behavior****

Alloc-dealloc-mismatch

**PoC**

PocTsmuxer.mkv: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/PocTsmuxer.mkv

**Reproduction**

cd tsMuxer
./tsMuxer/tsmuxer PocTsmuxer.mkv

**Environment**

    ubuntu:20.04
    gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
    clang version 10.0.0-4ubuntu1
    afl-cc++4.09
    

**Credit**

Zeng Yunxiang (\[Huazhong University of Science and Technology\](http://cse.hust.edu.cn/))

Tag

#git