Just a few bugs this week: a classic buffer overflow because of an unbounded copy in SNIProxy, mast1c0re Part 2 with a few more easy vulnerabilities but some more complex and difficult exploitation, and a Samsung NPU in-the-wild double free.
Posts tagged 'Binary Podcast'
It's our 200th episode, and we've got some stats from our first 200 episodes. Then we talk about some Pwn2Own policy changes, a couple of memeable overflows, and some new anti-ROP mitigations on OpenBSD.
We've got a pretty nice root/superuser check bypass in XNU this week, and a sort of double-fetch issue in Intel's SMM leading to a potential privilege escalation into the management system. We've also got a few memeable Shannon Baseband issues and some tough-to-exploit out-of-bounds reads in MIT Kerberos V5.
Some simple but interesting vulnerabilities: a use-after-free because of wrong operation ordering, an interesting type confusion, an integer underflow, and some OOB access in TPM 2.0 reference code.
Just one vulnerability this week, about hacking the Nintendo DSi browser, but we have a good discussion about fuzzing and a new paper, "autofz".
Just a couple of issues this week. The first was a cache coherency issue because the functions used to flush changes were not implemented on AArch64. The second was using the "world's worst fuzzer" to find some bugs. Dumb fuzzer, but it worked.
This week we talk about more Rust pitfalls, and fuzzing cURL. Then we have a couple bugs, one involving messing with the TCP stack to reach the vulnerable condition.
A few discussions this week, from using ASAN effectively, to vulnerabilities in Rust code, and some discussion about exploiting the OpenSSH double free.
First, we take a look at some positive changes to OSS Fuzz, then we dive into some vulnerabilities. This includes an XNU heap out-of-bounds write vulnerability, a Chrome heap-based overflow vulnerability, and an out-of-bounds read in cmark-gfm that, while probably not exploitable, is still intriguing.
Discussion-heavy episode this week, talking about KASAN landing on Windows, shuffling gadgets to make ROP harder, and a paper about automatic exploit primitive discovery.