hyper Jun 1, 2023

new post is live! this is the first part of a two-part series going over the details and root cause analysis of a heap overflow in MiniDLNA media server that I discovered a couple of months ago. part two will go over the exploit dev process and provide exploits for both x86_64 and ARM32 targets.

https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html

chonked pt.1: MiniDLNA 1.3.2 HTTP Chunk Parsing Heap Overflow (CVE-2023-33476) Root Cause Analysis

first part in a two-part series going over a heap overflow in MiniDLNA, a media server commonly deployed in embedded environments. this post provides a summary and root cause analysis of the vulnerability.

hyprblog
Show thread~swapgsJun 1, 2023
@hypr The good old chunked, great work :)
I’m surprised about ZDI’s decision but I remember that during last P2O Toronto, they excluded a few binaries like this one from the contest.
Show threadhyper 
@swapgs thanks! And that’s good to know about p2o Toronto, I guess that would explain why they didn’t accept it
Jun 1, 2023 at 3:55pmWeb