Vulnerabilities tagged "binary"

Our Pwn2Own journey against time and randomness (part 2)

Just a somewhat common and vulnerable use a cryptography.The `signature` of a firmware was not truly a signature but a hash of the content + a secret key, as the binary code that verifies the firmware is present on the device the "secret" key used is not kept secret and one could create their own firmware that would pass the signature check but contain arbitrary content...
 

Shell in the Ghost: Ghostscript CVE-2023-28879 writeup

A pretty classic string escaping bug in GhostScript, one common and buggy edge case when escaping characters in a buffer is to not properly account for escapes that happen at the very limit of the destination buffer.As was the case here, despite checking that the limit of the buffer was not reached on every iteration, when a character was found that should be escaped, it would write to the destination buffer write, first with the escape character (`0x01`) and then again with an XOR'd version of the character to be escaped...
 
1
2
3
4
5
6
7