7-zip has a security vulnerability. Update! Right away!
https://maniabel.work/archiv/1682
#7-zip #HeapOverflow #Malware #NTFSParser
#infosec #BeDiS #up2date
CVE-2026-9256: Nginx 1.31.1 and 1.30.1
A heap buffer overflow vulnerability (CVE-2026-9256) was found in Nginx versions 1.31.1 and 1.30.1 in the handling of regular-expression rewrite directives in the ngx_http_rewrite_module module. The vulnerability allows an unauthenticated attacker to trigger a restart of the Nginx worker process with a specially crafted HTTP request or, in an environment where ASLR is disabled, to achieve arbitrary code execution. The issue is very serious from a security standpoint, and a prompt update to the latest version is recommended.
Exploiting Reversing (ER) series: article 09 | Exploitation Techniques: CVE-2024-30085 (part 03)
Today I am releasing the ninth article in the Exploiting Reversing Series (ERS). In “Exploitation Techniques | CVE-2024-30085 (Part 09)” I provide a 106-page deep dive and a comprehensive roadmap for vulnerability exploitation:
https://exploitreversing.com/2026/04/28/exploiting-reversing-er-series-article-09/
Key features of this edition:
[+] Dual Exploit Strategies: Two distinct exploit editions built on the cldflt.sys heap overflow.
[+] PreviousMode Edition: Exploit cldflt.sys via WNF OOB + Pipe Attributes + ALPC + _KTHREAD.PreviousMode flip: elevation of privilege of a regular user to SYSTEM.
[+] PPL Bypass Edition: Exploit cldflt.sys via WNF OOB + PreviousMode flip + _EPROCESS.Protection strip + MiniDumpWriteDump: elevation of regular user to SYSTEM.
[+] Solid Reliability: Two complete, stable exploits, including a multi-step cleanup phase that restores the corrupted pipe attribute Flink and _KTHREAD.PreviousMode before process exit, preventing crash on cleanup.
This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets.
I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!
The following articles will continue the miniseries about iOS and Chrome, which are my areas of research.
Enjoy the reading and have an excellent day.
#exploit #exploitdevelopment #windows #exploitation #vulnerability #minifilterdriver #kernel #heapoverflow
Vim's Partial Patch Problem: 14+ Heap Overflows Left Behind After CVE-2026-28421
One (int) cast was fixed. At least 14 identical truncations remain across ex_getln.c, memline.c, terminal.c, session.c and others.
size_t → (int) cast silently truncates values > INT_MAX → undersized alloc → heap buffer overflow (CWE-190 → CWE-122).
Trigger vectors: swap files, undo files, session files, terminal output — all accessible via shared filesystems and repos.
Vim's lead maintainer closed the GitHub Security Advisory and threatened to ban the reporter.
The fix is trivial: remove the redundant (int) casts. alloc() already accepts size_t.
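The truncation chain the post describes, as an added example written for this page rather than code from Vim: the allocator alloc_sz and the helper names are this example's own, and it assumes an LP64 build (32-bit int, 64-bit size_t) with two's-complement conversion as GCC and Clang implement it.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator with the signature the post attributes to Vim's
 * alloc(): it already takes size_t. The names here are this example's own. */
static void *alloc_sz(size_t n) { return malloc(n); }

/* What the size_t -> (int) -> size_t round trip does to a length on an LP64
 * build: only the low 32 bits survive, and a set bit 31 sign-extends. */
size_t narrowed_size(size_t len)
{
    int narrowed = (int)len;   /* CWE-190: silent truncation above INT_MAX */
    return (size_t)narrowed;   /* the value the allocator actually receives */
}

/* Vulnerable pattern: buffer sized from the cast value, then filled with the
 * original length. Returns 1 when the allocation would be smaller than the
 * data it must hold, i.e. the copy would write past it (CWE-122). */
int cast_pattern_would_overflow(size_t len)
{
    return narrowed_size(len) < len;
}

/* The fix the post calls for: keep size_t end to end, and guard the +1 added
 * for a terminating NUL so the arithmetic itself cannot wrap. */
unsigned char *dup_bytes_checked(const unsigned char *src, size_t len)
{
    if (len == SIZE_MAX)       /* len + 1 would wrap to 0 */
        return NULL;
    unsigned char *buf = alloc_sz(len + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, len);
    buf[len] = 0;
    return buf;
}

/* Self-check on constructed input: a copy through the hardened path keeps
 * every byte and is NUL-terminated. Returns 1 on success. */
int dup_roundtrip_ok(void)
{
    const unsigned char sample[] = {0x41, 0x00, 0x42, 0xff, 0x43}; /* constructed */
    unsigned char *out = dup_bytes_checked(sample, sizeof sample);
    int ok = out != NULL && memcmp(out, sample, sizeof sample) == 0
             && out[sizeof sample] == 0;
    free(out);
    return ok;
}
```

Lengths in (INT_MAX, UINT_MAX] go negative and widen back to a huge size_t, so the allocation fails rather than overflows; from 2^32 upward the surviving low bits give a small size, which is the undersized allocation the post describes.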
The eighth article of the Exploiting Reversing Series (ERS) is now live. Titled “Exploitation Techniques | CVE-2024-30085 (Part 02)”, this 91-page technical guide offers a comprehensive roadmap for vulnerability exploitation:
https://exploitreversing.com/2026/03/31/exploiting-reversing-er-series-article-08/
Key features of this edition:
[+] Dual Exploit Strategies: Two distinct exploit versions leveraging the I/O Ring mechanism.
[+] Exploit ALPC + WNF OOB + Pipe Attributes + I/O Ring: elevation of privilege of a regular user to SYSTEM.
[+] Replaced ALPC one-shot write with Pipe Attribute spray for I/O Ring RegBuffers corruption: more reliable adjacency control.
[+] Exploit WNF OOB + I/O Ring Read/Write: elevation of privilege of a regular user to SYSTEM.
[+] Pure I/O Ring primitive: eliminated ALPC dependency entirely. WNF overflow directly corrupts I/O Ring RegBuffers for arbitrary kernel read/write.
[+] Solid Reliability: Two complete, stable exploits, including an improved cleanup stage.
This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets.
I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!
Enjoy the read and have an excellent day.
#exploit #exploitdevelopment #windows #exploitation #vulnerability #minifilterdriver #kernel #heapoverflow #ioring
Heap Overflow in FFmpeg EXIF
#HackerNews #HeapOverflow #FFmpeg #EXIF #SecurityBug #Vulnerability #Cybersecurity
Heap-overflowing Llama.cpp to RCE
https://retr0.blog/blog/llama-rpc-rce
#HackerNews #HeapOverflow #LlamaCpp #RCE #CyberSecurity #Exploit #TechNews
Heap Buffer Overflow in UPX Identified
Date: March 26, 2024
CVE: To be assigned
Vulnerability Type: Buffer Errors
CWE: [[CWE-122]]
Sources: NIST, VULNDB, VULNDB Submit
Issue Summary
A heap buffer overflow vulnerability was identified in the [[UPX|Ultimate Packer for eXecutables]] (UPX), specifically in commit 06b0de9c77551cd4e856d453e094d8a0b6ef0d6d. The issue occurs during the handling of certain data structures and leads to potential memory corruption. The vulnerability was discovered by fuzzing with the Google OSS-Fuzz project.
Technical Key findings
The vulnerability is caused by improper handling of input data, resulting in a heap buffer overflow. This overflow occurs in the handling of packed files during decompression, where the bounds of allocated heap memory are not properly checked.
Vulnerable products
UPX at commit 06b0de9c77551cd4e856d453e094d8a0b6ef0d6d.
Impact assessment
An attacker could exploit this vulnerability to execute arbitrary code on the target system or cause a denial of service through application crash, potentially compromising the system's integrity and availability.
Patches or workaround
No specific patches or workarounds were mentioned at the time of reporting. Users are advised to monitor the official [[UPX]] GitHub repository for updates.
Tags
#UPX #BufferOverflow #HeapOverflow #SecurityVulnerability #CVE