
22 matches found

CNNVD
added 2026/01/10 12:0 a.m., 3 views

Fickling code issue vulnerability

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in Fickling versions before 0.1.7; the vulnerability stems from a detection blind spot for the builder module, which may lead to detection bypass...

CVSS 9.3, AI score 6.7, EPSS 0.00264
Exploits 0, References 3

Github Security Blog
added 2025/09/17 8:11 p.m., 8 views

DragonFly's manager generates mTLS certificates for arbitrary IP addresses

Impact A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if...

CVSS 8.7, AI score 7.2, EPSS 0.00219
Exploits 1, References 5, Affected Software 2

OSV
added 2025/09/17 8:2 p.m., 4 views

GHSA-C2FC-9Q9C-5486 Dragonfly vulnerable to timing attacks against Proxy’s basic authentication

Impact The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison...

CVSS 6.9, AI score 7.1, EPSS 0.00315
Exploits 0, References 5

RubySec
added 2024/09/19 12:0 a.m., 24 views

protobuf-java has potential Denial of Service issue

Summary When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team Affected versions: This issue affects all versions of both t...

CVSS 8.7, AI score 6.6, EPSS 0.0279
Exploits 0, References 1, Affected Software 1

CERT
added 2024/01/16 12:0 a.m., 37 views

GPU kernel implementations susceptible to memory leak

Overview General-purpose graphics processing unit (GPGPU) platforms from AMD, Apple, and Qualcomm fail to adequately isolate process memory, thereby enabling a local attacker to read memory from other processes. An attacker with access to GPU capabilities using a vulnerable GPU's programmable...

CVSS 6.5, AI score 6.2, EPSS 0.01175
Exploits 1, References 14

CNNVD
added 2023/08/09 12:0 a.m., 4 views

uthenticode security breach

uthenticode is a small, open source, cross-platform library from Trail of Bits, used to partially verify Authenticode digital signatures. A security vulnerability exists in versions prior to uthenticode 2.0.0; the vulnerability stems from not checking the extended key usage in the certificate,...

CVSS 7.5, AI score 7, EPSS 0.002
Exploits 0, References 4

Code423n4
added 2022/11/18 12:0 a.m., 11 views

Single-step process for critical ownership transfer/renounce is risky

Lines of code Vulnerability details Single-step process for critical ownership transfer/renounce is risky Impact The following contracts and functions, allow owners to interact with core functions such as: execute, rawExecute and setApproval in OwnableSmartWallet registerKnotsToSyndicate,...

AI score 6.7
Exploits 0

Hacker One
added 2022/11/07 4:45 p.m., 102 views

curl: CVE-2022-43552: HTTP Proxy deny use-after-free

Issues reported by Trail of Bits. This is either one or two issues. Summary: ./src/curl 0 -x0:80 telnet:/j-uj-u//0 -m 01 ./src/curl 0 -x0:80 smb:/j-uj-u//0 -m 01 Both command line ends up having libcurl access and use already freed heap-memory. For read and write. Steps To Reproduce: See above, r...

CVSS 2.6, AI score 6.8, EPSS 0.02511
Exploits 1

Hacker One
added 2022/10/04 3:34 p.m., 68 views

curl: CVE-2022-42915: HTTP proxy double-free

This is a finding that Trail of Bits found in their ongoing curl security audit. Reported at a status meeting today. Summary: curl frees memory twice in some cleanup function related to HTTP proxies. It is as simple as curl -x http://localhost:80 dict://127.0.0.1 Using valgrind on the current git...

CVSS 5.1, AI score 9, EPSS 0.02927
Exploits 0

Kitploit
added 2022/01/19 11:30 a.m., 51 views

Pip-Audit - Audits Python Environments And Dependency Trees For Known Vulnerabilities

pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-db) via the PyPI JSON API as a source of vulnerability reports. This project is developed by Trail of Bits with support from...

CVSS 7.5, AI score 8.3, EPSS 0.03855
Exploits 1, References 5

OSV
added 2022/01/06 6:30 p.m., 8 views

GHSA-GP6J-VX54-5PMF Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme

Summary In the threshold signature scheme, participants start by dividing secrets into shares using a secret sharing scheme. The Verifiable Secret Sharing scheme generates shares from the user’s IDs but does not properly validate them. Using a malicious ID will make other users reveal their secre...

AI score 6.9
Exploits 0, References 3

Github Security Blog
added 2021/05/24 4:57 p.m., 73 views

Improper Sanitizing of plugin names in helm

Impact Security researchers at Trail of Bits discovered that plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to hel...

CVSS 4, AI score 5.1, EPSS 0.00962
Exploits 0, References 5, Affected Software 2

OSV
added 2021/05/24 4:57 p.m., 16 views

GHSA-M54R-VRMV-HW33 Improper Sanitizing of plugin names in helm

Impact Security researchers at Trail of Bits discovered that plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to hel...

CVSS 3.4, AI score 3.8, EPSS 0.00962
Exploits 0, References 5

OSV
added 2021/05/24 4:57 p.m., 23 views

GHSA-JM56-5H66-W453 Repository index file allows for duplicates of the same chart entry in helm

Impact During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs...

CVSS 2.2, AI score 4, EPSS 0.00883
Exploits 0, References 4

OSV
added 2021/05/24 4:56 p.m., 25 views

GHSA-9VP5-M38W-J776 Aliases are never checked in helm

Impact During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. Patches This issue has been patched in Helm 3.3.2 a...

CVSS 3.7, AI score 4.3, EPSS 0.01029
Exploits 0, References 5

Code423n4
added 2021/04/27 12:0 a.m., 11 views

changeDAO should be a two-step process in Vader.sol

Handle 0xRajeev Vulnerability details Impact changeDAO updates DAO address in one-step. If an incorrect address is mistakenly used and voted upon then future administrative access or recovering from this mistake is prevented because onlyDAO modifier is used for changeDAO, which requires msg.sende...

AI score 6.8
Exploits 0

Carbon Black Blog
added 2019/05/24 2:52 p.m., 91 views

Why You Should Join Carbon Black at QueryCon 2019

Carbon Black Joining Trail of Bits to Support QueryCon 2019 We are excited to announce that Carbon Black will be joining with Trail of Bits and Kolide to sponsor QueryCon 2019. QueryCon is a conference dedicated to Osquery, an open source tool that allows users to query their devices like a...

AI score 0.1
Exploits 0

The Hacker News
added 2016/09/27 4:47 a.m., 27 views

Facebook releases Osquery Security Tool for Windows

OSquery, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available for Mac OS X and Linux environments until today. But now the social network has announced that the company has developed a Windows...

AI score 6.6
Exploits 0

Mageia
added 2015/08/25 6:17 p.m., 28 views

Updated vlc packages fix security vulnerability

Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files CVE-2015-5949...

CVSS 6.8, AI score 9.5, EPSS 0.13337
Exploits 0, References 3

Tenable Nessus
added 2015/08/21 12:0 a.m., 31 views

FreeBSD : vlc -- arbitrary pointer dereference vulnerability (a0a4e24c-4760-11e5-9391-3c970e169bc2)

oCERT reports: The stable VLC version suffers from an arbitrary pointer dereference vulnerability. The vulnerability affects the 3GP file format parser, insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific 3GP file can be craft...

CVSS 6.8, AI score 8.7, EPSS 0.13337
Exploits 0, References 4