CVE-2024-51491

CVE-2024-51491 affects notation-go (CRL revocation cache). The root cause is CRL cache updates via os.Rename: when source and destination reside on different mount points, the operation can fail with EXDEV, causing a crash of notation and aborting signature verification. Affected component is crl...

notation-go has an OS error when setting CRL cache leads to denial of signature verification

Summary The issue was identified during Quarkslab's security audit on the Certificate Revocation List CRL based revocation check feature. After retrieving the CRL, notation-go attempts to update the CRL cache using the os.Rename method. However, this operation may fail due to operating...

Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks

By Deeba Ahmed Quarkslab Discovers "PixieFail" Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching. This is a post from HackRead.com Read the original post: Critical "PixieFail" Flaws Expose Millions of Devices to Cyberattacks...

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

A pair of serious security defects has been disclosed in the Trusted Platform Module TPM 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other,...

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

A pair of serious security defects has been disclosed in the Trusted Platform Module TPM 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017 , concerns an out-of-bounds write, while the other,...

TCG TPM2.0 implementations vulnerable to memory corruption

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module TPM 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and...

Binbloom 缓冲区错误漏洞

Binbloom is an open source tool from Quarkslab. It is used to analyze raw binary firmware and automatically determine some of its characteristics. A security vulnerability exists in Binbloom version 2.0, which originates from a heap buffer overflow contained in the readpointer function via...

Vulnerability Spotlight: Memory corruption, DoS vulnerabilities in CoTURN

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. CoTURN contains denial-of-service and memory corruption vulnerabilities in the way its web server parses POST requests. CoTURN is a TURN server implementation that can be used as a general- purpose network traff...

Triton - Dynamic Binary Analysis (DBA) Framework

Triton is a dynamic binary analysis DBA framework. It provides internal components like a Dynamic Symbolic Execution DSE engine, a Taint engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least...

For NXP I. MX microprocessor HAB vulnerability analysis-vulnerability warning-the black bar safety net

One, Foreword NXP（NXP）semiconductor production company i. The MX Series application processor of the Secure Boot features in the presence of two vulnerabilities, two vulnerabilities by Quarkslab the two researchers Guillaume Delugré and Kévin Szkudłapski found this article on the two vulnerabilit...

OpenVPN Audits Yield Mixed Bag

Two security audits of OpenVPN were recently carried out to look for bugs, backdoors, and other defects in the open source software; one found the software was cryptographically sound, while another found two legitimate vulnerabilities. The news comes after it was announced in December the SSL VP...

Encryption software VeraCrypt audit reports published, discovered multiple high risk vulnerabilities attached report download-vulnerability warning-the black bar safety net

! In DuckDuckGo and VikingVPN funded by QuarksLab recent open-source encryption software VeraCrypt conducted a security audit. The audit found that the 8 high-risk vulnerabilities, and 1 0 more in the lower level of vulnerability. About VeraCrypt VeraCrypt is a very popular disk encryption softwa...

Critical Vulnerabilities Uncovered in VeraCrypt Audit Patched

An audit of open source file and disk encryption package VeraCrypt turned up a number of critical vulnerabilities that have been patched in the month since the assessment was wrapped up. The audit, which began Aug. 16, was funded by the Open Source Technology Improvement Fund OSTIF and executed b...

VeraCrypt Audit Reveals Critical Security Flaws — Update Now

After TrueCrypt mysteriously discontinued its service, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, as well as privacy conscious people. First of all, there is no such thing as a perfect, bug-free software. Even the most rigorously tested...

[SECURITY] [DSA 3672-1] irssi security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3672-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 21, 2016 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3672-1 (irssi - security update)

Gabriel Campana and Adrien Guinet from Quarkslab discovered two remotely exploitable crash and heap corruption vulnerabilities in the format parsing code in Irssi, a terminal based IRC client. OpenVAS Vulnerability Test $Id: deb3672.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from...

Debian: Security Advisory (DSA-3672-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Someone is Spying on Researchers Behind VeraCrypt Security Audit

After TrueCrypt mysteriously discontinued itself, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, and privacy conscious people. Due to the huge popularity of VeraCrypt, security researchers from the OSTIF The Open Source Technology Improvemen...

The XEN virtual machine monitor appears“deadly”vulnerabilities-vulnerability warning-the black bar safety net

! XEN has always been known for high performance, less resource-intensive, win IBM, AMD, HP, Red Hat and Novell, and many other world-class hardware and software manufacturers of high recognition and strong support of many domestic and foreign enterprises and users to use XEN to build a...

Buffer overflow during ASN.1 decoding in NSS — Mozilla

Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services NSS libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute...