Security vulnerabilities and automated fixes for c cpp issues
14 posts found
A critical path traversal vulnerability in a ZMODEM file receiver allowed a malicious sender to supply crafted filenames containing directory traversal sequences (like `../../.ssh/authorized_keys`), causing the receiver to write file contents to arbitrary locations on the filesystem. The fix strips path separators and validates filenames before use, ensuring received files can only be written to the intended download directory. This class of vulnerability is a stark reminder that any input origi
A critical stack buffer overflow vulnerability was discovered in `ftm_file.cpp`, where unchecked `strcpy()` calls allowed attacker-controlled filenames from crafted FTM files to overwrite stack memory, including the saved return address, enabling arbitrary code execution on ESP32 devices. The fix replaces both dangerous `strcpy()` calls with bounds-checked `strncpy()` plus explicit null-termination, eliminating the overflow vector entirely. This is a textbook reminder that unsafe C string functi
A critical heap buffer overflow vulnerability was discovered and patched in a vendored copy of `stb_image.h`, a popular single-header image loading library. The root cause was a missing bounds check that allowed attacker-controlled image data to trigger memory writes beyond allocated heap buffers, potentially enabling arbitrary code execution. A single defensive guard — rejecting negative buffer lengths before any memory operation — closes this dangerous attack vector.
A critical out-of-bounds memory access vulnerability was discovered in the FatFSUSB library used by the micro-journal ESP32 firmware, where memcpy operations on a sector buffer accepted attacker-controlled offset and size values from USB SCSI commands without any bounds validation. A malicious USB host could craft SCSI READ/WRITE commands to corrupt memory, potentially crashing the device or executing arbitrary code. The fix adds a simple but essential bounds check before every memcpy operation,
A critical buffer overflow vulnerability was discovered and fixed in `src/display.cpp`, where unsafe C string functions were used without bounds checking. This type of vulnerability can allow attackers to corrupt memory, crash applications, or execute arbitrary code. The fix replaces unbounded functions with size-aware alternatives like `strlcpy` and `snprintf`, eliminating the overflow risk.
A medium-severity buffer overflow vulnerability was discovered and patched in the miniz.h file embedded within the KittyMemoryEx library, a memory manipulation tool used on Android and iOS platforms. The missing buffer-length check could have allowed attackers to exploit ZIP processing code to achieve arbitrary code execution with elevated privileges. This post breaks down how the vulnerability works, why it's dangerous in privileged contexts, and what developers can do to prevent similar issues
A critical heap buffer overflow vulnerability was discovered and patched in the NanoSVG SVG parsing library, where missing bounds checks on memcpy operations allowed attacker-controlled SVG data to overflow heap buffers. Without validation of gradient stop counts and attribute array indices, a specially crafted SVG file could trigger arbitrary code execution. The fix adds proper bounds checking before all memory copy operations, closing a dangerous attack vector present in any application that p
A critical buffer overflow vulnerability was discovered and patched in `common/scanner.h`, where serialization macros wrote scanner state data into caller-supplied buffers without validating available capacity. Left unpatched, a crafted input could corrupt adjacent heap memory, potentially enabling remote code execution or application crashes. This post breaks down how the vulnerability worked, how it was fixed, and what every C/C++ developer should know to avoid similar pitfalls.
A critical buffer overflow vulnerability was discovered and patched in RF24Network, a popular C++ library for mesh networking over nRF24L01 radio modules. Unvalidated attacker-controlled size values in `memcpy` calls allowed any nearby attacker to trigger memory corruption by transmitting malformed radio frames — no authentication required. This post breaks down how the vulnerability works, how it was fixed, and what developers can learn from it.
A critical vulnerability in DeepSkyStackerKernel's StackWalker.cpp was silently replacing bounds-checking string functions with their unsafe counterparts via preprocessor macros, exposing the entire codebase to buffer overflow attacks. This fix removes the dangerous macro definitions that discarded buffer size arguments, restoring the intended memory safety protections across all call sites. Understanding how this subtle macro trick works is essential for any C/C++ developer working with string
A critical heap buffer overflow vulnerability was discovered and patched in firmware audio processing code, where a missing bounds validation before a `memcpy` operation could allow attackers to overflow a heap-allocated audio buffer and overwrite adjacent memory. This type of vulnerability is particularly dangerous in embedded firmware because it can lead to arbitrary code execution, system crashes, or complete device compromise. The fix adds proper bounds checking before the copy operation, en
A critical buffer overflow vulnerability was discovered in the ENC28J60 Ethernet driver, where incoming packet data was copied into a fixed-size buffer without validating the packet's self-reported length. On embedded systems lacking ASLR, this flaw could allow an attacker on the same network segment to craft a malicious Ethernet frame and achieve arbitrary code execution. The fix introduces proper bounds checking before the memcpy operation, closing a highly reliable attack vector on constraine