Security vulnerabilities and automated fixes for network security issues
21 posts found
A critical heap buffer overflow vulnerability was discovered and patched in the SSDP control point implementation (`ssdp_ctrlpt.c`), where multiple unbounded `strcpy` and `strcat` operations constructed HTTP request buffers without any length validation. Network-received SSDP response fields — including service type strings and location URLs — could be crafted by an attacker to exceed buffer boundaries, potentially enabling arbitrary code execution or denial of service. The fix replaces the unsa
A high-severity vulnerability was discovered in an NFS utilities configuration where rpcbind (port 111) accepted RPC service registrations without any authentication, allowing any network-accessible attacker to register malicious services under legitimate RPC program numbers and redirect NFS clients. The fix adds critical security documentation and network isolation guidance, ensuring operators understand that rpcbind must be protected by host-level firewalling or Kubernetes network policies to
A critical heap buffer overflow vulnerability was discovered in a DHCP server implementation where the hardware address length field (`hlen`) from an attacker-controlled packet was trusted without validation, allowing up to 239 bytes of heap corruption. The fix adds a simple bounds check before the memory copy, ensuring the copy length never exceeds the destination buffer size. This type of vulnerability can lead to remote code execution, denial of service, or full system compromise in network-f
A critical heap buffer overflow vulnerability was discovered in ShadowsocksR-libev's server.c, where network-supplied data was copied into fixed-size heap buffers without verifying that the source length fit within the destination. An attacker could craft a malicious packet with an oversized length field to overflow the heap, potentially enabling remote code execution or denial of service. The fix adds proper bounds checking, null pointer validation after memory allocation, and reallocation fail
A critical heap buffer overflow vulnerability was discovered in the network packet reassembly function of `net_channel_ex.c`, where an attacker-controlled `bodylen` field could be used to corrupt heap memory without any bounds validation. The fix introduces a simple yet effective integer overflow check before accumulating packet body lengths, preventing malformed packets from triggering memory corruption. This type of vulnerability is a stark reminder that even low-level arithmetic operations in
A critical buffer overflow vulnerability was discovered in `uv-common.c`, where a hardcoded 40-byte buffer was used to store IPv6 addresses — 6 bytes too small for the maximum valid IPv6 string length of 46 characters. An attacker supplying a crafted, oversized IP address string could trigger a stack or heap buffer overflow, potentially leading to remote code execution or application crashes. The fix replaces the magic number with the platform-defined `INET6_ADDRSTRLEN` constant, ensuring the bu
A critical heap buffer overflow vulnerability was discovered in the `lwip_hosted_rx_input` function of the lwIP hosted wireless driver, where raw network frames from an ESP-hosted interface were copied into packet buffers without validating the frame length against the buffer's maximum capacity. Because `pbuf_alloc` uses an unsigned 16-bit integer for size, an attacker on the same wireless network could craft a packet with an oversized length field, causing silent integer truncation and subseque
A critical buffer overflow vulnerability was discovered in the `iiod` parser's `yy_input()` function, where an off-by-one bounds check allowed an oversized network input stream to overflow a fixed-size buffer, potentially overwriting adjacent stack or heap memory. Because this code path is reachable from the network without authentication, a remote attacker could exploit this flaw to achieve arbitrary code execution. The fix tightens the bounds enforcement and ensures the function returns the co
A medium-severity vulnerability in the ESP32-audioI2S library allowed audio streaming credentials to be transmitted via HTTP Basic Authentication over unencrypted HTTP connections, making them trivially recoverable by anyone on the same network. The fix gates the Authorization header behind an SSL/TLS check, ensuring credentials are only sent when the connection is encrypted. For embedded IoT devices where credentials are often hardcoded in firmware, this kind of passive interception risk is esp
A critical vulnerability in an embedded HTTP server allowed any unauthenticated attacker to upload and flash arbitrary firmware images to a network switch — no credentials required. Because malicious firmware survives reboots and factory resets, a successful attack could permanently compromise an entire fleet of devices with backdoors or rootkits. The fix adds an authentication gate and corrects dangerous CRC-check logic that would reset the device even on a failed checksum.
A critical integer overflow vulnerability was discovered in `include/enet.h` where size calculations derived from attacker-controlled network values could overflow before being passed to `enet_malloc`, resulting in undersized heap allocations and subsequent heap corruption. The fix adds proper bounds checking to sector I/O code, preventing attackers from triggering heap overflows by sending crafted network packets. This class of vulnerability is particularly dangerous in networked applications b
A critical heap buffer overflow vulnerability was discovered in veejay's `packet.c` networking code, where `veejay_memcpy` operations used attacker-controlled size values from network packet headers without any boundary validation. This flaw could allow a remote attacker to send crafted packets that trigger heap corruption, potentially leading to arbitrary code execution. The fix adds proper buffer-length checks before any memory copy operations, ensuring that packet sizes are validated against