Category

Cwe 787

Security vulnerabilities and automated fixes for cwe 787 issues

4 posts found

high8 min

How buffer overflow happens in C MemStream.h and how to fix it

A high-severity buffer overflow vulnerability was discovered in `src/avt/IVP/MemStream.h`, where the `read()` and `write()` template methods performed `memcpy` operations without validating that `_pos + nBytes` stayed within the allocated buffer. An attacker supplying crafted serialized integral curve data could trigger out-of-bounds memory reads or writes, potentially corrupting the heap or leaking sensitive memory. The fix adds a single bounds check before each `memcpy`, throwing an `ImproperU

#buffer-overflow#c-plus-plus#memcpy+4 more
O
orbisai0security
Jun 25, 2026
critical10 min

How buffer overflow happens in C LZSS decompression and how to fix it

A high-severity buffer overflow vulnerability was discovered in `user/libprtos/common/lzss.c`, where the LZSS decompression routine failed to validate offset and length values decoded from compressed input before using them as indices into the `text_buf` ring buffer. An attacker supplying crafted compressed data could trigger out-of-bounds reads or writes, potentially leading to memory corruption, information disclosure, or arbitrary code execution. The fix introduces strict bounds validation on

#buffer-overflow#c#lzss+4 more
O
orbisai0security
Jun 9, 2026
critical10 min

Critical Kernel FAT32 Out-of-Bounds Write: Ring 0 Code Execution

A critical memory corruption vulnerability in a kernel FAT32 filesystem driver allowed attackers to trigger out-of-bounds writes by crafting malicious filesystem images, ultimately enabling arbitrary code execution at the highest privilege level (ring 0). The fix adds proper bounds validation for directory entry indices and cluster offsets parsed from on-disk FAT32 structures, closing a complete privilege escalation chain that could give an attacker full control of the system.

#kernel-security#memory-corruption#fat32+4 more
O
orbisai0security
May 10, 2026
critical7 min

Heap Buffer Overflow in MeltedForge Array Insert: Critical Fix

A critical heap buffer overflow vulnerability was discovered and patched in MeltedForge's core array implementation, where the `mfarray` insert operation performed `memmove` and `memcpy` without validating index bounds or available capacity. Left unpatched, this flaw could allow attackers to corrupt heap metadata and adjacent data structures, potentially leading to arbitrary code execution. The fix introduces proper bounds checking before any memory operations are performed.

#c#memory-safety#heap-overflow+4 more
O
orbisai0security
May 9, 2026