Security Research

Security Blog

Page 20

high7 min

CVE-2026-40073: How a BODY_SIZE_LIMIT Bypass in @sveltejs/adapter-node Put Your App at Risk

CVE-2026-40073 is a high-severity vulnerability in `@sveltejs/adapter-node` that allows attackers to bypass the `BODY_SIZE_LIMIT` configuration, potentially enabling denial-of-service attacks and resource exhaustion against SvelteKit applications. The vulnerability was silently present in versions prior to `@sveltejs/kit` 2.57.1, and has now been patched by upgrading the dependency across all affected project examples. If your application relies on body size limits to protect against oversized p

#svelte#sveltekit#cve+4 more
O
orbisai0security
May 28, 2026
medium7 min

Integer Overflow in Packet Reassembly: How One Missing Check Enables Heap Corruption

A critical heap buffer overflow vulnerability was discovered in the network packet reassembly function of `net_channel_ex.c`, where an attacker-controlled `bodylen` field could be used to corrupt heap memory without any bounds validation. The fix introduces a simple yet effective integer overflow check before accumulating packet body lengths, preventing malformed packets from triggering memory corruption. This type of vulnerability is a stark reminder that even low-level arithmetic operations in

#buffer-overflow#integer-overflow#network-security+4 more
O
orbisai0security
May 28, 2026
critical8 min

Critical Buffer Overflow in IPv6 Parsing: How a Wrong Array Size Could Crash Your App

A critical buffer overflow vulnerability was discovered in `uv-common.c`, where a hardcoded 40-byte buffer was used to store IPv6 addresses — 6 bytes too small for the maximum valid IPv6 string length of 46 characters. An attacker supplying a crafted, oversized IP address string could trigger a stack or heap buffer overflow, potentially leading to remote code execution or application crashes. The fix replaces the magic number with the platform-defined `INET6_ADDRSTRLEN` constant, ensuring the bu

#buffer-overflow#c-security#network-security+4 more
O
orbisai0security
May 28, 2026
critical7 min

Stack Buffer Overflow in FTM File Parser: How strcpy() Almost Enabled Arbitrary Code Execution on ESP32

A critical stack buffer overflow vulnerability was discovered in `ftm_file.cpp`, where unchecked `strcpy()` calls allowed attacker-controlled filenames from crafted FTM files to overwrite stack memory, including the saved return address, enabling arbitrary code execution on ESP32 devices. The fix replaces both dangerous `strcpy()` calls with bounds-checked `strncpy()` plus explicit null-termination, eliminating the overflow vector entirely. This is a textbook reminder that unsafe C string functi

#buffer-overflow#c-cpp#embedded-security+4 more
O
orbisai0security
May 28, 2026
critical8 min

Critical Kernel Buffer Overflow Fixed in BPF x86 Native Lab Module

A critical buffer overflow vulnerability (CWE-120) was discovered and patched in `module/x86/bpf_x86_native_lab.c`, where a bounds check on BPF blob length was only performed inside an `emit` conditional branch — leaving a window for kernel memory corruption when `emit` was false. The fix relocates the length validation before any branching logic, ensuring no code path can proceed with an oversized blob. This type of kernel-level vulnerability is particularly dangerous because successful exploit

#kernel-security#buffer-overflow#bpf+4 more
O
orbisai0security
May 28, 2026
high8 min

When Network Frames Attack: Fixing a Heap Buffer Overflow in lwIP's Hosted Driver

A critical heap buffer overflow vulnerability was discovered in the `lwip_hosted_rx_input` function of the lwIP hosted wireless driver, where raw network frames from an ESP-hosted interface were copied into packet buffers without validating the frame length against the buffer's maximum capacity. Because `pbuf_alloc` uses an unsigned 16-bit integer for size, an attacker on the same wireless network could craft a packet with an oversized length field, causing silent integer truncation and subseque

#buffer-overflow#embedded-security#lwip+4 more
O
orbisai0security
May 28, 2026
critical8 min

Critical Buffer Overflow in OpenCC C Library: How a sprintf() Call Became a Security Vulnerability

A critical buffer overflow vulnerability was discovered in the OpenCC C library's configuration reader, where an unbounded `sprintf()` call could allow attackers to overflow a fixed-size buffer by supplying malformed configuration files with excessively long path components. The fix replaces `sprintf()` with `snprintf()` and adds proper line-length validation to prevent memory corruption attacks. Left unpatched, this vulnerability could have allowed attackers to overwrite return addresses and fu

#buffer-overflow#c-security#sprintf+4 more
O
orbisai0security
May 28, 2026
critical8 min

Critical Null Pointer Dereference Fixed in Wii Input Handler: How One Missing NULL Check Could Crash Your Game

A critical null pointer dereference vulnerability was discovered in `source/input.c`, where the `GetIRPointer()` function accessed WPAD controller data without first verifying the pointer was valid. An attacker or unexpected hardware state could trigger this flaw to crash the application or, in more sophisticated scenarios, redirect execution flow. The fix adds a single but essential NULL check before dereferencing the pointer, closing the door on this class of vulnerability entirely.

#null-pointer#c-programming#input-handling+4 more
O
orbisai0security
May 28, 2026
medium8 min

Buffer Overflow via Unsafe sprintf() in C Game Menu: How Shared Campaign Files Could Lead to Code Execution

A series of unbounded `sprintf()` calls in `src/mainmenu.c` created a realistic buffer overflow attack chain, allowing an attacker to craft a malicious campaign file that triggers arbitrary code execution when loaded by a victim. The fix replaces each unsafe `sprintf()` with `snprintf()`, enforcing strict buffer size limits and eliminating the overflow conditions. Because campaign files are routinely shared in game communities, this vulnerability required no special access and posed a significan

#buffer-overflow#c-security#sprintf+4 more
O
orbisai0security
May 28, 2026
critical8 min

Heap Buffer Overflow in Path Normalization: How Two Unsafe memcpy Calls Almost Became a Critical Exploit

A critical heap buffer overflow vulnerability was discovered and patched in `src/aux.c`, where two `memcpy` calls in a path normalization function copied data into buffers without verifying sufficient capacity. An attacker capable of influencing the current working directory path — through deeply nested directories or crafted symlinks — could trigger heap corruption with potentially severe consequences. The fix introduces an integer overflow guard that ensures buffer allocation math cannot wrap

#c#buffer-overflow#heap-corruption+4 more
O
orbisai0security
May 28, 2026
critical9 min

Critical Memory Safety Vulnerabilities in FITS File Processing: Buffer Overflows, Integer Overflows, and Unsafe String Operations Fixed

A critical set of memory safety vulnerabilities was discovered and patched in `src/try_to_guess_image_fov.c`, a C-based FITS astronomical image processing pipeline. The vulnerabilities — including unsafe string operations, improper memory allocation, and potential integer overflows — created a comprehensive attack surface that could allow an attacker to craft a malicious FITS file and achieve arbitrary code execution. The fix replaces dangerous patterns like `strncpy` with `snprintf`, switches `

#buffer-overflow#memory-safety#c-programming+4 more
O
orbisai0security
May 28, 2026
high8 min

CVE-2026-41676: Fixing a High-Severity rust-openssl Vulnerability by Upgrading to 0.10.78

CVE-2026-41676 is a high-severity vulnerability in the rust-openssl crate, which provides OpenSSL bindings for Rust applications. The fix involves upgrading the dependency from version 0.10.75 to 0.10.78 in the project's Cargo.lock file, closing a security gap that could expose applications to adversarial exploitation. Keeping cryptographic dependencies current is one of the most impactful and straightforward security practices any Rust team can adopt.

#rust#openssl#cve+4 more
O
orbisai0security
May 28, 2026