Constraint-Guided Multi-Agent Decompilation for Executable Binary Recovery

Decompilation -- recovering source code from compiled binaries -- is essential for security analysis, malware reverse engineering, and legacy software maintenance. However, existing decompilers produce code that often fails to compile or execute correctly, limiting their practical utility. We...

EUVD-2024-19246

Malicious code in bioql PyPI...

Improper Validation of Syntactic Correctness of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the torch.Tensor.random function when a model is compiled with Inductor. An attacker can cause the application to crash or become unresponsive by triggering a syntax error...

Leveraging GPT-4 for Vulnerability-Witnessing Unit Test Generation

In the life-cycle of software development, testing plays a crucial role in quality assurance. Proper testing not only increases code coverage and prevents regressions but it can also ensure that any potential vulnerabilities in the software are identified and effectively fixed. However, creating...

CVE-2024-21598 Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash

An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service DoS. If a BGP update is received over an established BGP sessio...

CVE-2024-21598

CVE-2024-21598 affects Juniper Networks Junos OS and Junos OS Evolved, where the Routing Protocol Daemon (rpd) crashes and restarts when receiving a BGP update containing a malformed TLV in a tunnel encapsulation attribute. This is due to improper validation of syntactic correctness of input. Imp...

CVE-2024-21616 Junos OS: MX Series and SRX Series: Processing of a specific SIP packet causes NAT IP allocation to fail

An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine PFE of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service DoS. On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a...

CVE-2023-44204

CVE-2023-44204 affects Juniper Networks Junos OS and Junos OS Evolved, via an Improper Validation of Syntactic Correctness of Input in the Routing Protocol Daemon (rpd). A malformed BGP UPDATE packet received on an established BGP session can crash rpd, causing a DoS on both eBGP and iBGP session...

CVE-2023-28985 SRX Series and MX Series: An FPC core is observed when IDP is enabled on the device and a specific malformed SSL packet is received

An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention IDP of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service DoS. Continued receipt of this specific packet will cause a...

CVE-2023-28985 SRX Series and MX Series: An FPC core is observed when IDP is enabled on the device and a specific malformed SSL packet is received

An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention IDP of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service DoS. Continued receipt of this specific packet will cause a...

Input validation

An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon jdhcpd of Juniper Networks Junos OS allows an adjacent unauthenticated attacker sending a malformed DHCP packet to cause a crash of jdhcpd and thereby a Denial of Service DoS. If option-82 is...

CVE-2020-16220 Philips Patient Monitoring Devices Improper Validation of Syntactic Correctness of Input

In Patient Information Center iX PICiX Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed i.e., to comply with a certain syntax but it does not validate or incorrectly validates that the input complies with the syntax,...