Category: CWE-190

Security vulnerabilities and automated fixes for CWE-190 issues

14 posts found

high, 7 min read

Thread-Safe Tokenization: Fixing strtok() Reentrancy in Game Script Parsing

A high-severity vulnerability was discovered in `lvl_script_commands.c` where the use of the non-reentrant `strtok()` function during level script parsing created conditions for memory corruption and potential arbitrary code execution. The fix replaces all `strtok()` calls with the thread-safe `strtok_r()` variant, eliminating shared global state that could be exploited through maliciously crafted level files. This change is part of a broader effort to harden the game's script parsing pipeline a

#c-programming #memory-safety #thread-safety (+4 more)
orbisai0security
May 28, 2026
critical, 7 min read

Heap Overflow in TOML Parser: How Integer Overflow Leads to Memory Corruption

A critical heap buffer overflow vulnerability was discovered and patched in the centitoml TOML parser, where missing integer overflow validation on a `MALLOC(len+1)` call could allow an attacker to trigger memory corruption via a crafted TOML configuration file. The vulnerability (CWE-190) is reachable through community-distributed mod or map files that the game loads from its `config/` directory, making it a realistic attack vector for remote code execution. A targeted one-line guard now preven

#c #memory-safety #buffer-overflow (+4 more)
orbisai0security
May 28, 2026
high, 7 min read

Chained Memory Safety Vulnerabilities: How a Malicious Source File Could Compromise Your Build System

A high-severity vulnerability in `src/parser/koala.l` allowed an attacker to craft a malicious `.kl` source file that, when parsed by the Koala compiler, could trigger a chain of memory safety bugs — integer overflow, use-after-free, and out-of-bounds access — ultimately enabling arbitrary code execution at the privilege level of the compiler process. The fix introduces strict input validation guards that break this exploitation chain before it can begin. This is a reminder that parsers and comp

#memory-safety #integer-overflow #buffer-overflow (+4 more)
orbisai0security
May 28, 2026
critical, 8 min read

Integer Overflow to Heap Corruption: Fixing a Critical Buffer Overflow in C Memory Allocation

A critical integer overflow vulnerability was discovered in a C-based audio reader where `malloc()` was called with an unchecked multiplication of `n_samples * sizeof(float)`, allowing heap buffer overflows through attacker-controlled input. The fix replaces raw `malloc()` calls with Ruby's safe `ALLOC_N` macro and wraps allocation logic in a protected, exception-safe block. This prevents heap memory corruption that could lead to arbitrary code execution or application crashes.

#c #buffer-overflow #integer-overflow (+4 more)
orbisai0security
May 28, 2026
critical, 7 min read

Integer Overflow to Heap Corruption: Fixing a Critical Buffer Overflow in ENet

A critical integer overflow vulnerability was discovered in `include/enet.h` where size calculations derived from attacker-controlled network values could overflow before being passed to `enet_malloc`, resulting in undersized heap allocations and subsequent heap corruption. The fix adds proper bounds checking to sector I/O code, preventing attackers from triggering heap overflows by sending crafted network packets. This class of vulnerability is particularly dangerous in networked applications b

#integer-overflow #heap-overflow #buffer-overflow (+4 more)
orbisai0security
May 28, 2026
critical, 8 min read

Critical Integer Overflow in GIF Decoder: How a Simple Multiplication Can Lead to Heap Corruption

A critical integer overflow vulnerability was discovered and patched in the GIF decoder library `libnsgif`, where multiplying width, height, and pixel byte values from untrusted GIF headers could silently overflow, causing heap buffer corruption during image processing. This class of vulnerability is particularly dangerous because it originates from attacker-controlled input and can lead to arbitrary code execution or process crashes. The fix introduces explicit overflow checks before any memory

#c #integer-overflow #gif-decoder (+4 more)
orbisai0security
May 28, 2026
critical, 9 min read

Heap Corruption via Integer Overflow in URI Parsing: A Deep Dive into CWE-190

A critical integer overflow vulnerability in `uri.c` allowed attackers to craft malicious URI strings that caused an undersized heap allocation followed by an out-of-bounds `memcpy`, leading to heap corruption. The fix adds mandatory bounds validation before any memory allocation, ensuring the `len + 1` calculation cannot silently wrap around to zero. Left unpatched, this vulnerability could enable remote code execution through carefully crafted URI inputs.

#c #memory-safety #integer-overflow (+4 more)
orbisai0security
May 28, 2026
critical, 8 min read

Critical Integer Overflow in C: How a Simple Multiplication Almost Caused Heap Corruption

A critical integer overflow vulnerability was discovered and patched in `src/asb_governor.c`, where an unchecked multiplication during buffer reallocation could produce a dangerously undersized heap allocation on 32-bit systems. An attacker with a crafted session file could trigger heap corruption, potentially leading to arbitrary code execution. The fix adds proper overflow detection before any memory allocation, closing a classic but devastating class of memory safety bug.

#integer-overflow #heap-corruption #memory-safety (+4 more)
orbisai0security
May 23, 2026
critical, 9 min read

Critical DNS Integer Overflow: How a +1 Nearly Enabled Remote Code Execution

A critical integer overflow vulnerability in DNS record processing code could have allowed a malicious DNS server to trigger a heap buffer overflow, potentially enabling remote code execution. The fix ensures safe bounds checking before performing size calculations, closing a subtle but devastating attack vector that lurks in network-facing C code.

#security #c #dns (+4 more)
orbisai0security
May 22, 2026
critical, 9 min read

Critical Buffer Overflow in Vertex Array Copy: How Integer Math Kills Security

A critical buffer overflow vulnerability was discovered and patched in `src/gl/array.c`, where the vertex array copy function computed `memcpy` sizes from unvalidated user-controlled parameters, enabling attackers to trigger massive out-of-bounds memory writes. The bug combined two dangerous arithmetic pitfalls — unsigned integer underflow and multiplication overflow — creating a perfect storm for memory corruption. This fix closes a path that could lead to remote code execution, data corruption

#buffer-overflow #integer-overflow #c-security (+4 more)
orbisai0security
May 21, 2026
high, 9 min read

Integer Overflow in Graphics Blit: When Bit Shifts Go Dangerously Wrong

A critical integer overflow vulnerability was discovered and patched in `rtg/mntgfx-gcc.c`, where an unvalidated bit-shift operation used to compute a graphics pattern blit copy size could trigger undefined behavior, silent data corruption, or a devastating out-of-bounds memory write. This post breaks down exactly how a single missing bounds check can turn a routine graphics operation into a serious security and stability threat, and what developers can do to prevent similar issues in their own

#integer-overflow #c-security #memory-safety (+4 more)
orbisai0security
May 18, 2026
medium, 7 min read

Integer Overflow in Rust: How Unchecked Addition Can Bypass File Size Limits

A medium-severity integer overflow vulnerability was discovered and patched in a Rust file transfer receiver, where unchecked byte accumulation could allow attackers to bypass file size limits by exploiting arithmetic wraparound in release builds. The fix replaces a simple `+=` operation with Rust's `checked_add` method, which returns an error instead of silently wrapping around. This is a great reminder that even memory-safe languages like Rust can harbor subtle numeric vulnerabilities in relea

#rust #integer-overflow #file-transfer (+4 more)
orbisai0security
May 18, 2026