Articles with tag: Buffer Overflow
POSTED BY: Angelos T. Kalaitzidis / 24.05.2022

Multiple vulnerabilities in radare2

CENSUS ID:CENSUS-2022-0001
CVE IDs:CVE-2022-0419, CVE-2021-44974, CVE-2021-44975
Affected Products:radare2 versions prior to 5.6.0
Class:NULL pointer dereference (CWE-476), Heap-based buffer overflow (CWE-122)
Discovered by:Angelos T. Kalaitzidis

CENSUS identified a number of NULL pointer dereference and Heap buffer overflow bugs in the radare2 project code. Radare2 is a popular reverse engineering framework. CENSUS has verified that release 5.6.0 of radare2 carries the appropriate fixes to remediate all of the identified issues.


POSTED BY: George Poulios / 21.10.2020

Microchip cryptoauthlib atcab_genkey_base buffer overflow

CENSUS ID:CENSUS-2020-0004
CVE ID:CVE-2019-16129
Affected Products:cryptoauthlib versions prior to "20191122"
Class:Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120)
Discovered by:George Poulios

CENSUS identified a buffer overflow vulnerability in the atcab_genkey_base function of the cryptoauthlib library. This library is part of the standard SDK provided by Microchip and is used to drive the operation of cryptographic co-processors sold by the vendor, such as the ATECC608A. An attacker with physical access to an embedded device where a microcontroller unit executes a vulnerable version of this library, may be able to execute arbitrary code on the microcontroller, by supplying malicious input to the microcontroller. Affected manufacturers of embedded systems that use Microchip cryptographic co-processors, are strongly recommended to update to at least version "20191122" of the "cryptoauthlib" library.


POSTED BY: George Poulios / 21.10.2020

Microchip cryptoauthlib atcab_sign_base buffer overflow

CENSUS ID:CENSUS-2020-0003
CVE ID:CVE-2019-16128
Affected Products:cryptoauthlib versions prior to "20191122"
Class:Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120)
Discovered by:George Poulios

CENSUS identified a buffer overflow vulnerability in the atcab_sign_base function of the cryptoauthlib library. This library is part of the standard SDK provided by Microchip and is used to drive the operation of cryptographic co-processors sold by the vendor, such as the ATECC608A. An attacker with physical access to an embedded device where a microcontroller unit executes a vulnerable version of this library, may be able to execute arbitrary code on the microcontroller, by supplying malicious input to the microcontroller. Affected manufacturers of embedded systems that use Microchip cryptographic co-processors, are strongly recommended to update to at least version "20191122" of the "cryptoauthlib" library.


POSTED BY: Stelios Tsampas / 11.01.2016

GDCM buffer overflow in ImageRegionReader :: ReadIntoBuffer

CENSUS ID:CENSUS-2016-0001
CVE ID:CVE-2015-8396
Affected Products:Applications using GDCM versions < 2.6.2 and the ImageRegionReader :: ReadIntoBuffer API call
Class:Integer Overflow or Wraparound (CWE-190)
Discovered by:Stelios Tsampas

Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming languages like Python, C#, Java and PHP. Various applications that make use of GDCM are listed here and here.