Security vulnerabilities and automated fixes for serialization security issues
A high-severity buffer overflow vulnerability was discovered in `src/avt/IVP/MemStream.h`, where the `read()` and `write()` template methods performed `memcpy` operations without validating that `_pos + nBytes` stayed within the allocated buffer. An attacker supplying crafted serialized integral curve data could trigger out-of-bounds memory reads or writes, potentially corrupting the heap or leaking sensitive memory. The fix adds a single bounds check before each `memcpy`, throwing an `ImproperU