Commands and Tools for Embedded Reverse Engineering

We’ve been training a lot of people to look at embedded systems. The training is intensive, and it can be hard to remember all the commands and tools used. This is just a quick rundown of those tools with enough information to jog your memory! Basic Commands If we want to see the content of a fil...

Design/Logic Flaw

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer...

nss -- Use-after-free in TLS 1.2 generating handshake hashes

Mozilla reports: During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leav...

Slackware: Security Advisory (SSA:2004-239-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2003-0143

The popmsg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name...