#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Buffer Overflow | Breaking Cybersecurity News | The Hacker News

Category — Buffer Overflow
Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

May 13, 2024 Vulnerability / IoT Security
Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT devices foundational to industrial, healthcare, automotive, financial and telecommunications sectors," Kaspersky  said . Cinterion modems were originally developed by Gemalto before the business was  acquired  by Telit from Thales as part of a deal announced in July 2022. The findings were  presented  at the OffensiveCon held in Berlin on May 11. The list of eight flaws is as follows - CVE-2023-47610  (CVSS score: 8.1) - A buffer overflow vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by ...
U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

Mar 02, 2024 Spyware / Privacy
A U.S. judge has ordered NSO Group to hand over its source code for  Pegasus  and other remote access trojans to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision marks a major legal victory for Meta, which  filed the lawsuit  in October 2019 for using its infrastructure to  distribute the spyware  to approximately 1,400 mobile devices between April and May. This also  included  two dozen Indian activists and journalists. These attacks leveraged a then zero-day flaw in the instant messaging app ( CVE-2019-3568 , CVSS score: 9.8), a critical  buffer overflow bug  in the voice call functionality, to deliver Pegasus by merely placing a call, even in scenarios where the calls were left unanswered. In addition, the attack chain included steps to erase the incoming call information from the logs in an attempt to sidestep detection. Court documents released late last month show t...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

Feb 07, 2024 Device Security / Vulnerability
The maintainers of shim have released  version 15.8  to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as  CVE-2023-40547  (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been  credited  with discovering and reporting the bug. Major Linux distributions that use shim such as Debian , Red Hat , SUSE , and Ubuntu have all released advisories for the security flaw. "The shim's http boot support (httpboot.c) trusts attacker-controlled values when parsing an HTTP response, leading to a completely controlled out-of-bounds write primitive," Oracle's Alan Coopersmith  noted  in a message shared on the Open Source Security mailing list oss-security. Demirkapi, in a  post  shared on X (formerly Twitter) late last month, said the vulnerability...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

Jan 31, 2024 Vulnerability / Endpoint Security
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246 (CVSS score: 7.8), the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by  syslog() and vsyslog()  for system logging purposes. It's said to have been accidentally introduced in August 2022 with the release of glibc 2.37. "This flaw allows local privilege escalation, enabling an unprivileged user to gain full root access," Saeed Abbasi, product manager of the Threat Research Unit at Qualys,  said , adding it impacts major Linux distributions like Debian, Ubuntu, and Fedora. A threat actor could exploit the flaw to obtain elevated permissions via specially crafted inputs to applications that employ these logging functions. "Although the  vulnerability  requires specific conditions to be exploited (such as an unusual...
Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs

Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs

May 17, 2023 Internet of Things / Vulnerability
The second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier  CVE-2023-27217 , was discovered and reported to Belkin on January 9, 2023, by Israeli IoT security company Sternum , which reverse-engineered the device and gained firmware access. Wemo Mini Smart Plug V2 ( F7C063 ) offers convenient remote control, allowing users to turn electronic devices on or off using a companion app installed on a smartphone or tablet. The heart of the problem lies in a feature that makes it possible to rename the smart plug to a more " FriendlyName ." The default name assigned is " Wemo mini 6E9 ." "The name length is limited to 30 characters or less, but this rule is only enforced by the app itself," security researchers Amit Serper and Reuven Yakar  said  in a report shared with The Hac...
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

Dec 05, 2022 Endpoint Security / Pen Testing
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier  CVE-2022-23093 , impacts all supported versions of FreeBSD and concerns a  stack-based buffer overflow  vulnerability in the  ping service . "ping reads raw IP packets from the network to process responses in the pr_pack() function," according to an  advisory  published last week. "The pr_pack() copies received IP and  ICMP  headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet." As a consequence, the destination buffer could be overflowed by up to 40 bytes when the IP option headers are present. The FreeBSD Project noted that the ping ...
OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

Nov 01, 2022
The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as  CVE-2022-3602 and CVE-2022-3786 , have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email address. "In a TLS client, this can be triggered by connecting to a malicious server," OpenSSL said in an advisory for CVE-2022-3786. "In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects." OpenSSL is an  open source implementation  of the SSL and TLS protocols used for secure communication and is baked into several operating systems and a wide range of software . Versions 3.0.0 through 3.0.6 of the library are affected by the new flaws, which has been remediated in version 3.0.7. It's worth noting tha...
Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices

Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices

Mar 09, 2022
Three high-impact security vulnerabilities have been disclosed in  APC Smart-UPS devices  that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed  TLStorm , the flaws "allow for complete remote takeover of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks," Ben Seri and Barak Hadad, researchers from IoT security company Armis, said in a report published Tuesday. Uninterruptible power supply ( UPS ) devices function as emergency backup power providers in mission-critical environments such as medical facilities, server rooms, and industrial systems. Most of the afflicted devices, totaling over 20 million, have been identified so far in healthcare, retail, industrial, and government sectors. TLStorm consists of a trio of critical flaws that can be triggered via unauthenticated network packets without requiring any user interaction, meaning it's a zero-click att...
Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

Jun 21, 2019
If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities , besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks. With more than 3 billion downloads, VLC is a hugely popular open-source media player software that is currently being used by hundreds of millions of users worldwide on all major platforms, including Windows, macOS, Linux, as well as Android and iOS mobile platforms. Discovered by Symeon Paraschoudis from Pen Test Partners and identified as CVE-2019-12874 , the first high-severity vulnerability is a double-free issue which resides in "zlib_decompress_extra" function of VideoLAN ...
Google Adds Control-Flow Integrity to Beef up Android Kernel Security

Google Adds Control-Flow Integrity to Beef up Android Kernel Security

Oct 12, 2018
Google has added a new security feature to the latest Linux kernels for Android devices to prevent it against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities. In code reuse attacks, attackers exploit memory corruption bugs (buffer overflows, type confusion, or integer overflows) to take over code pointers stored in memory and repurpose existing code in a way that directs control flow of their choice, resulting in a malicious action. Since Android has a lot of mitigation to prevent direct code injection into its kernel, this code reuse method is particularly popular among hackers to gain code execution with the kernel because of the huge number of function pointers it uses. In an attempt to prevent this attack, Google has now added support for LLVM's Control Flow Integrity (CFI) to Android's kernel as a measure for detecting unusual behaviors of attackers trying to interfere or modify the contr...
New Rowhammer Attack Can Hijack Computers Remotely Over the Network

New Rowhammer Attack Can Hijack Computers Remotely Over the Network

May 11, 2018
Exploitation of Rowhammer attack just got easier. Dubbed ' Throwhammer ,' the newly discovered technique could allow attackers to launch Rowhammer attack on the targeted systems just by sending specially crafted packets to the vulnerable network cards over the local area network. Known since 2012, Rowhammer is a severe issue with recent generation dynamic random access memory (DRAM) chips in which repeatedly accessing a row of memory can cause "bit flipping" in an adjacent row, allowing anyone to change the contents of computer memory. The issue has since been exploited in a number of ways to achieve remote code execution on the vulnerable computers and servers. Just last week, security researchers detailed a proof-of-concept Rowhammer attack technique, dubbed GLitch , that leverages embedded graphics processing units (GPUs) to carry out Rowhammer attacks against Android devices. However, all previously known Rowhammer attack techniques required privilege escal...
Nintendo Switches Hacked to Run Linux—Unpatchable Exploit Released

Nintendo Switches Hacked to Run Linux—Unpatchable Exploit Released

Apr 24, 2018
Two separate teams of security researchers have published working proof-of-concept exploits for an unpatchable vulnerability in Nvidia's Tegra line of embedded processors that comes on all currently available Nintendo Switch consoles. Dubbed Fusée Gelée and ShofEL2 , the exploits lead to a coldboot execution hack that can be leveraged by device owners to install Linux, run unofficial games, custom firmware, and other unsigned code on Nintendo Switch consoles, which is typically not possible. Both exploits take advantage of a buffer overflow vulnerability in the USB software stack of read-only boot instruction ROM (IROM/bootROM), allowing unauthenticated arbitrary code execution on the game console before any lock-out operations (that protect the chip's bootROM) take effect. The buffer overflow vulnerability occurs when a device owner sends an "excessive length" argument to an incorrectly coded USB control procedure, which overflows a crucial direct memory a...
Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking

Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking

Apr 04, 2018
Security researchers at Embedi have disclosed a critical vulnerability in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to execute arbitrary code, take full control over the vulnerable network equipment and intercept traffic. The stack-based buffer overflow vulnerability (CVE-2018-0171) resides due to improper validation of packet data in Smart Install Client, a plug-and-play configuration and image-management feature that helps administrators to deploy (client) network switches easily. Embedi has published technical details and Proof-of-Concept (PoC) code after Cisco today released patch updates to address this remote code execution vulnerability, which has been given a base Common Vulnerability Scoring System (CVSS) score of 9.8 (critical). Researchers found a total of 8.5 million devices with the vulnerable port open on the Internet, leaving approximately 250,000 unpatched devices open to hackers. To exploit this vu...
Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response

Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response

Jun 29, 2017
A critical vulnerability has been discovered in Systemd , the popular init system and service manager for Linux operating systems, that could allow remote attackers to potentially trigger a buffer overflow to execute malicious code on the targeted machines via a DNS response. The vulnerability, designated as CVE-2017-9445 , actually resides in the ' dns_packet_new ' function of 'systemd-resolved,' a DNS response handler component that provides network name resolution to local applications. According to an advisory published Tuesday, a specially crafted malicious DNS response can crash 'systemd-resolved' program remotely when the system tries to lookup for a hostname on an attacker-controlled DNS service. Eventually, large DNS response overflows the buffer, allowing an attacker to overwrite the memory which leads to remote code execution. This means the attackers can remotely run any malware on the targeted system or server via their evil DNS service...
Critical Skype Bug Lets Hackers Remotely Execute Malicious Code

Critical Skype Bug Lets Hackers Remotely Execute Malicious Code

Jun 28, 2017
A critical vulnerability has been discovered in Microsoft-owned most popular free web messaging and voice calling service Skype that could allow hackers to remotely execute malicious code and crash systems. Skype is a free online service that allows users to communicate with peers by voice, video, and instant messaging over the Internet. The service was acquired by Microsoft Corporation in May 2011 for US$8.5 Billion due to its worldwide popularity. Security researcher Benjamin Kunz-Mejri from Germany-based security firm Vulnerability Lab discovered the previously unknown stack buffer overflow vulnerability, which is documented in CVE-2017-9948 , in Skype Web's messaging and call service during a team conference call. The vulnerability is considered a high-security risk with a 7.2 CVSS score and affects Skype versions 7.2, 7.35, and 7.36 on Windows XP, Windows 7 and Windows 8, Mejri said in a public security disclosure published on Monday. "The issue can be exploi...
Next Windows 10 Version May Have Built-in EMET Anti-Exploit Program

Next Windows 10 Version May Have Built-in EMET Anti-Exploit Program

Jun 20, 2017
It seems Microsoft is planning to build its EMET anti-exploit tool into the kernel of Windows 10 Creator Update (also known as RedStone 3), which is expected to release in September/October 2017. So you may not have to separately download and install EMET in the upcoming version of the Windows 10. If true, this would be the second big change Microsoft is making in its Windows 10 Fall update after planning to remove SMBv1 to enhance its users security. EMET or Enhanced Mitigation Experience Toolkit, currently optional, is a free anti-exploit toolkit for Microsoft's Windows operating systems designed to boost the security of your computer against complex threats such as zero-day vulnerabilities. " EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software ," Microsoft site reads. Basically EMET detects and prevents buffer overflows and memory corruption vulnerabilities,...
Millions Of Smartphones Using Broadcom Wi-Fi Chip Can Be Hacked Over-the-Air

Millions Of Smartphones Using Broadcom Wi-Fi Chip Can Be Hacked Over-the-Air

Apr 05, 2017
Millions of smartphones and smart gadgets, including Apple iOS and many Android handsets from various manufacturers, equipped with Broadcom Wifi chips are vulnerable to over-the-air hijacking without any user interaction. Just yesterday, Apple rushed out an emergency iOS 10.3.1 patch update to address a serious bug that could allow an attacker within same Wifi network to remotely execute malicious code on the Broadcom WiFi SoC (Software-on-Chip) used in iPhones, iPads, and iPods. The vulnerability was described as the stack buffer overflow issue and was discovered by Google's Project Zero staffer Gal Beniamini, who today detailed his research on a lengthy blog post , saying the flaw affects not only Apple but all those devices using Broadcom's Wi-Fi stack. Beniamini says this stack buffer overflow issue in the Broadcom firmware code could lead to remote code execution vulnerability, allowing an attacker in the smartphone's WiFi range to send and execute code on th...
Linux Kernel Gets Patch For Years-Old Serious Vulnerability

Linux Kernel Gets Patch For Years-Old Serious Vulnerability

Mar 16, 2017
Another dangerous vulnerability has been discovered in Linux kernel that dates back to 2009 and affects a large number of Linux distros, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu. The latest Linux kernel flaw ( CVE-2017-2636 ), which existed in the Linux kernel for the past seven years, allows a local unprivileged user to gain root privileges on affected systems or cause a denial of service (system crash). Positive Technologies researcher Alexander Popov discovered a race condition issue in the N_HLDC Linux kernel driver – which is responsible for dealing with High-Level Data Link Control (HDLC) data – that leads to double-free vulnerability. " Double Free " is one of the most common memory corruption bug that occurs when the application releases same memory location twice by calling the free() function on the same allocated memory. An unauthenticated attacker may leverage this vulnerability to inject and execute arbitrary code in the security context of curren...
Expert Insights / Articles Videos
Cybersecurity Resources