Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

curl SOCKS5 Heap Overflow (CVE-2023-38545) Explained: When a Long Hostname Broke the Handshake

CVE-2023-38545 is a heap buffer overflow in curl and libcurl's SOCKS5 proxy handshake, triggered when a too-long hostname is copied into a fixed buffer during a slow handshake. Here is the bug.

Jul 8, 20266 min read
Vulnerability Analysis

Ghostscript (CVE-2023-36664) Explained: Command Injection via Pipe Devices

CVE-2023-36664 let a crafted PostScript or EPS file run system commands through Ghostscript's mishandling of pipe device filenames. Because Ghostscript hides behind image tools, the blast radius was wide.

Jul 8, 20266 min read
Vulnerability Analysis

Ivanti Connect Secure CVE-2024-21887 Explained: Command Injection in a Two-Bug Chain

CVE-2024-21887 is a command injection in Ivanti Connect Secure that, chained with the auth bypass CVE-2023-46805, gave attackers unauthenticated RCE. Here is the timeline, root cause, and patched versions.

Jul 8, 20266 min read
Vulnerability Analysis

PHP-CGI Argument Injection RCE on Windows (CVE-2024-4577) Explained

CVE-2024-4577 revived a decade-old PHP-CGI flaw through a Windows Unicode 'best-fit' quirk, yielding unauthenticated RCE. Here's the mechanism and the patched versions.

Jul 8, 20265 min read
Vulnerability Analysis

Terrapin Attack (CVE-2023-48795) Explained: SSH's Prefix Truncation Flaw

CVE-2023-48795, the Terrapin attack, is a protocol-level flaw letting a MITM silently truncate the start of an SSH session. Here is how it works, what it downgrades, and how to fix it.

Jul 8, 20267 min read
Vulnerability Analysis

Barracuda ESG CVE-2023-2868 Explained: The Command Injection That Ended in Hardware Replacement

CVE-2023-2868 is a command injection in the Barracuda Email Security Gateway, exploited as a zero-day by UNC4841 for months. Rated CVSS 9.8, it ended with Barracuda advising physical appliance replacement.

Jul 7, 20266 min read
Vulnerability Analysis

Confluence Broken Access Control Zero-Day (CVE-2023-22515) Explained

CVE-2023-22515 let unauthenticated attackers create rogue administrator accounts on Confluence Data Center and Server. Here's the broken-access-control flaw and how to fix it.

Jul 7, 20265 min read
Vulnerability Analysis

OpenSSL Punycode Overflow (CVE-2022-3602) Explained

CVE-2022-3602 was pre-announced as OpenSSL's next critical bug, then downgraded to high. Here is what the X.509 punycode buffer overflow actually does, why the panic cooled, and how to patch.

Jul 7, 20266 min read
Vulnerability Analysis

regreSSHion (CVE-2024-6387) Explained: A Signal-Handler Race That Reopened an Old OpenSSH RCE

CVE-2024-6387, regreSSHion, is an unauthenticated remote code execution flaw in OpenSSH's sshd caused by a signal-handler race — a regression of a bug fixed back in 2006.

Jul 7, 20266 min read
Vulnerability Analysis

Text4Shell (CVE-2022-42889) Explained: RCE in Apache Commons Text Interpolation

CVE-2022-42889, Text4Shell, let attackers run code through Apache Commons Text's string interpolation when apps passed untrusted input to StringSubstitutor. Here is the flaw and why it was narrower than feared.

Jul 7, 20265 min read
Vulnerability Analysis

Citrix Bleed (CVE-2023-4966) Explained: Leaking Session Tokens Straight Past MFA

CVE-2023-4966, Citrix Bleed, let unauthenticated attackers read memory from NetScaler appliances and steal valid session tokens — hijacking sessions and bypassing multi-factor authentication.

Jul 6, 20265 min read
Vulnerability Analysis

Dirty Pipe (CVE-2022-0847) Explained: Overwriting Read-Only Files in the Linux Kernel

CVE-2022-0847, Dirty Pipe, let unprivileged users overwrite data in read-only files through an uninitialized pipe flag — a clean path to root. Here is the page-cache mechanism behind it.

Jul 6, 20265 min read
Vulnerability Analysis — Supply Chain Security Blog | Safeguard