56 matches found
FirmReBugger: A Benchmark Framework for Monolithic Firmware Fuzzers
Monolithic Firmware is widespread. Unsurprisingly, fuzz testing firmware is an active research field with new advances addressing the unique challenges in the domain. However, understanding and evaluating improvements by deriving metrics such as code coverage and unique crashes are problematic,...
Exploit for Server-Side Request Forgery in Svelte Sveltekit
BlueDragon Web Security An advanced web vulnerability scann...
BGPFuzz: Automated Configuration Fuzzing of the Border Gateway Protocol
Telecommunications networks rely on configurations to define routing behavior, especially in the Border Gateway Protocol (BGP), where misconfigurations can lead to severe outages and security breaches, as demonstrated by the 2021 Facebook outage. Unlike existing approaches that rely on synthesis or...
EUVD-2017-0110
Malware in sbrugna...
VWAttacker: a Systematic Security Testing Framework for Voice over WiFi User Equipments
We present VWAttacker, the first systematic testing framework for analyzing the security of Voice over WiFi (VoWiFi) User Equipment (UE) implementations. VWAttacker includes a complete VoWiFi network testbed that communicates with Commercial-Off-The-Shelf (COTS) UEs based on a simple interface to test...
Black-Box Crypto Is Useless for Pseudorandom Codes
A pseudorandom code is a keyed error-correction scheme with the property that any polynomial number of encodings appear random to any computationally bounded adversary. We show that the pseudorandomness of any code tolerating a constant rate of random errors cannot be based on black-box reduction...
Cryptography without Long-Term Quantum Memory and Global Entanglement: Classical Setups for One-Time Programs, Copy Protection, and Stateful Obfuscation
We show how oracles which only allow for classical query access can be used to construct a variety of quantum cryptographic primitives which do not require long-term quantum memory or global entanglement. Specifically, if a quantum party can execute a semi-quantum token scheme (Shmueli 2022) with...
WalletProbe: a Testing Framework for Browser-Based Cryptocurrency Wallet Extensions
Serving as the first touch point for users to the cryptocurrency world, cryptocurrency wallets allow users to manage, receive, and transmit digital assets on blockchain networks and interact with emerging decentralized finance (DeFi) applications. Unfortunately, cryptocurrency wallets have always...
PT-2024-40434 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel (affected versions not specified). Description: The issue concerns applications that use the "cookie" session driver and expose an encryption oracle, allowing for remote code execution. An encryption oracle is a mechanism where arbitrary...
stETH/ETH, rETH/ETH and cbETH/ETH chainlink oracles has too long of heartbeat and deviation threshold which can cause loss of funds
Lines of code Vulnerability details ChainlinkPriceOracle fetches prices from the Chainlink contracts. But the price feeds in the consideration has a very long price heartbeat and deviation rate which might lead to wrong price calculation and loss of token to the user. Impact According to the...
Calc token amount can be manipulated
Lines of code Vulnerability details Impact function calcDepositInOneCoin(uint256[3] memory arr) private view returns (uint256) { return liquidityPool.calc_token_amount(arr, true); } This function is being used to calculate slippage, return value calc_token_amount can be manipulated as described in POC section,...
No check for active Arbitrum Sequencer
Lines of code Vulnerability details Impact If the Arbitrum sequencer goes down, the stale ratio will be used during the swap. Proof of Concept readChainlinkFeed gets the price from chainlink oracle and the ratio is used during the swap. function readChainlinkFeed uint256 quoteAmount,...
No target price check performed for external oracles
Lines of code Vulnerability details Impact readMint and readBurn do not check the price of returned assets against the target price; this check is only performed for Chainlink Oracles. Therefore, external oracles can report an arbitrary price that will be accepted by the protocol and any oracle...
Information disclosure
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure...
Legitimate token / USD pairs with more than 8 decimals are not handled correctly
Lines of code Vulnerability details Impact The decimals returned by the Chainlink oracles are assumed to be 8 throughout this protocol. However, there are legitimate token / USD pairs that have the corresponding Chainlink oracles to return more than 8 decimals; for example, the AMPL / USD pair's...
Getting collateral value by calling previewRedeem can be manipulated
Lines of code Vulnerability details Proof of Concept The code in EscrowLib is trying to calculate the value of a collateral by calling the previewRedeem method of an ERC4626 vault, when the collateral is a token from such a vault. The EIP4626 specification explicitly says The preview methods retu...
OSV-2022-1155 UNKNOWN WRITE in wasmtime_fuzzing::oracles::instantiate_many::h1a28dda90c13f877
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53102 Crash type: UNKNOWN WRITE Crash state: wasmtime_fuzzing::oracles::instantiate_many::h1a28dda90c13f877 instantiate_many::::run::he4646225c064edb2...
Pseudo randomness is not recommended
Lines of code Vulnerability details Impact Use of pseudo randomness in chain is not recommended as it can be predicted by anyone, this can affect value in case of minting or withdrawing in some scenarios Proof of Concept Tools Used Recommended Mitigation Steps Use oracles --- The text was updated...
BlurExchage#setBlockRange can cause previously expired order to be unexpectedly valid again
Lines of code Vulnerability details Impact A previously canceled order becomes valid again Proof of Concept BlurExchage#setBlockRange allows the owner to set the block range for which the oracles signature is valid for. If the block range is set to longer, orders that would have been invalid are...
Pax - CLI Tool For PKCS7 Padding Oracle Attacks
Exploit padding oracles for fun and profit! Pax (PAdding oracle eXploiter) is a tool for exploiting padding oracles in order to: 1. Obtain plaintext for a given piece of CBC encrypted data. 2. Obtain encrypted bytes for a given piece of plaintext, using the unknown encryption algorithm used by the...