CVE-2022-29227 Use after free in Envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local...

CVE-2022-29227

Envoy has a use-after-free in versions before 1.22.1 triggered when replaying an HTTP request with an internal redirect that contains more than the HTTP headers; if a local reply is emitted while redirect headers are processed and the downstream state marks the stream incomplete, Envoy attempts t...

CVE-2022-29225

CVE-2022-29225 affects Envoy where secompressors in versions before 1.22.1 accumulate decompressed data and overwrite the body during decode/encode, potentially allowing a zip bomb attack that exhausts memory and causes DoS. The connected sources confirm this behavior and the advised mitigation i...

Null pointer dereference

Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold� prevent removal...

CVE-2022-29224

CVE-2022-29224 : Envoy

CVE-2022-29224 Segmentation fault leading to crash in Envoy

Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” prevent removal upstrea...

This Week in Spring - June 7th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! Ive just landed in tantalizing Toronto, Canada, for the SpringOne Tour Toronto show. Im so excited to be here, at long last, after so long away from one of my favorite countries. Ill be doing two talks - my usual, Kubernetes...

Lockc - Making Containers More Secure With eBPF And Linux Security Modules (LSM)

lockc is open source sofware for providing MAC Mandatory Access Control type of security audit for container workloads. The main reason why lockc exists is that containers do not contain. Containers are not as secure and isolated as VMs. By default, they expose a lot of information about host OS...

Caller always pays for ETH even for ETH offer items

Lines of code Vulnerability details Impact It's possible to create ItemType.NATIVE offer items that the offerer should pay for but this is not possible as only the caller fulfiller can send native tokens ETH when fulfilling an order. Therefore, this item type does not make sense in an offer. The...

[WP-H1] OrderFulfiller.sol#_applyFractionsAndTransferEach() Orders with offerItem.itemType == ItemType.NATIVE are not processed properly

Lines of code Vulnerability details // Reduce available value if offer spent ETH or a native token. if offerItem.itemType == ItemType.NATIVE // Ensure that sufficient native tokens are still available. if amount etherRemaining revert InsufficientEtherSupplied; // Skip underflow check as a...

FlightRadar24 安全漏洞

FlightRadar24 is a global flight tracking service from the US company FlightRadar24. Real-time information is available for thousands of airplanes around the world. A security vulnerability exists in FlightRadar24 for Android versions v8.9.0, v8.10.0, v8.10.2, v8.10.3, and v8.10.4, which can be...

This Week in Spring - May 31st, 2022

Hi, Spring fans! And welcome to another installment of This Week in Spring! Ive just returned from three wonderful weeks overseas and now, Im pleased as punch to convey, that Im home! And hopefully, COVID-19 free! Who knows what sort of nonsense I caught on the flight home, anyway. Some things, I...

Denial Of Service (DoS)

@chainsafe/lodestar is vulnerable to denial of service. The vulnerability exists because the library uses the uint64 values as native javascript numbers, allowing an attacker to crash the application by providing large uint64 values greater than 2^53 through the maliciously-crafted AttesterSlashi...

Adobe Reader and Acrobat Sandbox Bypass Vulnerability

Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context...

Use After Free in Hermes

A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...

GHSA-MPH8-6787-R8HW Use After Free in Hermes

A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...

GHSA-X4CF-6JR3-3QVP Out-of-bounds Read in Facebook Hermes

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

Out-of-bounds Read in Facebook Hermes

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

Always-Incorrect Control Flow Implementation in Facebook Hermes

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...

GHSA-327C-QX3V-H673 Always-Incorrect Control Flow Implementation in Facebook Hermes

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...