6 matches found
CVE-2020-27302
A stack buffer overflow in Realtek RTL8710 and other Ameba-based devices can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake...
CVE-2024-27302
Go-zero (web/RPC framework) contains a CORS Filter vulnerability where isOriginAllowed uses strings.HasSuffix, enabling bypass by a malicious domain. This can break the CORS policy and allow a page to make requests or retrieve data on behalf of other users. The issue affects the configurable allo...
CVE-2024-27302 Authorization Bypass Through User-Controlled Key in go-zero
go-zero is a web and rpc framework. Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the isOriginAllowed uses strings.HasSuffix to check the origin, which leads to bypass via a malicious domain. This...
CVE-2024-27302
creationtimestamp| type| source ---|---|--- 2024-03-02 02:42:11+00:00| published-proof-of-concept| https://github.com/zeromicro/go-zero/security/advisories/GHSA-fgxv-gw55-r5fq 2024-03-06 20:26:51+00:00| seen| https://t.me/ctinow/201761 2024-03-06 20:36:23+00:00| seen| https://t.me/ctinow/201782...
CVE-2020-27302
creationtimestamp| type| source ---|---|--- 2021-06-05 12:13:47+00:00| seen| https://t.me/SecLabNews/10336...
CVE-2020-27302
Realtek RTL8710 (and Ameba-based devices) are affected by a stack-based buffer overflow in the memcpy path during WPA2 4‑way handshake when processing a crafted Encrypted GTK value. This can enable remote code execution by an attacker in wireless range. The issue is documented as CVE-2020-27302; ...