Security vulnerabilities and automated fixes for critical issues
4 posts found
A critical use-after-free vulnerability was discovered and patched in `zmap.h`, where freed memory pointers were not reset to a safe state after deallocation in the `map` destructor and move-assignment operator. This oversight allowed subsequent code paths — including destructors, iterators, and concurrent threads — to access memory that had already been returned to the allocator, creating a condition exploitable for arbitrary code execution. The fix, a two-line change adding `inner = {};` after
A critical buffer overflow vulnerability was discovered and patched in `libs/intx/wrapper.cpp`, where `memcpy` operations wrote into fixed-size buffers without first validating that the copy length fit within the destination. Because these functions process externally-supplied data arriving over RPC, an attacker could potentially trigger heap or stack corruption remotely. The fix adds strict bounds and null-pointer checks before any memory operation takes place.
A critical buffer overflow vulnerability was discovered in `uv-common.c`, where a hardcoded 40-byte buffer was used to store IPv6 addresses — 6 bytes too small for the maximum valid IPv6 string length of 46 characters. An attacker supplying a crafted, oversized IP address string could trigger a stack or heap buffer overflow, potentially leading to remote code execution or application crashes. The fix replaces the magic number with the platform-defined `INET6_ADDRSTRLEN` constant, ensuring the bu
A critical buffer overflow vulnerability was discovered in the Vorbis producer module (`src/modules/vorbis/producer_vorbis.c`), where an unchecked `sprintf()` call allowed attacker-controlled metadata from Vorbis audio files to overflow a fixed-size buffer. The fix replaces `sprintf()` with `snprintf()` and adds explicit bounds checking, ensuring that no metadata key — no matter how long or maliciously crafted — can corrupt adjacent memory. This class of vulnerability is one of the oldest and mo