Category

Code Execution

Security vulnerabilities and automated fixes for code execution issues

4 posts found

critical7 min

How command injection happens in Node.js subprocess and how to fix it

A critical command injection vulnerability in `tools/dev/src/index.ts` allowed attackers to execute arbitrary shell commands through unsanitized subprocess arguments. The fix was simple but essential: explicitly setting `shell: false` in the `spawn()` call to prevent shell metacharacter interpretation. This vulnerability demonstrates why subprocess handling requires explicit security controls in Node.js.

#command-injection#node.js#security+4 more
O
orbisai0security
Jun 26, 2026
critical6 min

How buffer overflow happens in C memcpy() without length validation and how to fix it

A critical buffer overflow vulnerability was discovered in `src/script_engine/core/script_engine_core.c` at line 392, where `memcpy` copied an error message into a buffer without validating the source length against any maximum. The fix introduces a length cap of 4096 bytes and ensures proper null-termination, preventing heap corruption and potential remote code execution through crafted script error messages.

#security#buffer-overflow#c+4 more
O
orbisai0security
Jun 10, 2026
critical8 min

Critical Buffer Overflow in plugin.c: How Unsafe sprintf() Calls Enable Code Execution

A critical buffer overflow vulnerability was discovered and patched in plugin.c, where five unbounded sprintf() calls wrote into fixed-size buffers without validating input length. An attacker controlling NVMe device names or plugin metadata could exploit this to overwrite return addresses and achieve arbitrary code execution. The fix eliminates these unsafe calls, closing a classic but devastatingly effective attack vector.

#buffer-overflow#C#security+4 more
O
orbisai0security
May 13, 2026
critical5 min

Critical Buffer Overflow in Restore Utility: How Unbounded strcpy() Leads to Code Execution

A critical buffer overflow vulnerability was discovered and fixed in the system restore utility where unbounded strcpy() calls allowed attacker-controlled data to overflow fixed-size buffers. This classic C programming mistake could enable arbitrary code execution through crafted tape archives, highlighting why secure string handling remains essential in 2024.

#security#buffer-overflow#c-programming+4 more
O
orbisai0security
May 8, 2026