Vulnerabilities (Page 27)

exploit for CVE-2022-2588

A logic bug in the Linux kernel’s route4_change() function for route filters that lead to use-after-free (UAF).The problem has to do with how filters are added, particularly when a filter already existed on a handle and needs to be copied over to a new filter…

 

Crow HTTP framework use-after-free

A use-after-free vulnerability in the Crow HTTP Framework owing to the input reader being agnostic to HTTP Pipelining (sending more than one HTTP request without waiting for a response on the same connection) and asynchronous workers tracking state expecting one request per connection.

 

Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library

Three vulns that were discovered in Netlify’s Next.js lib, which is heavily used across many cryptocurrency sites due to it’s web3 support. With that context in mind, CIA (confidentiality, integrity, availability) is interesting with web3, as integrity is critical; the data coming from a trusted site needs to be trustworthy, as most users won’t go digging through the blockchain to verify a particular address or transaction matches.