heap-overflow
Safeguard articles tagged "heap-overflow" — guides, analysis, and best practices for software supply chain and application security.
5 articles
curl SOCKS5 Heap Overflow (CVE-2023-38545) Explained: When a Long Hostname Broke the Handshake
CVE-2023-38545 is a heap buffer overflow in curl and libcurl's SOCKS5 proxy handshake, triggered when a too-long hostname is copied into a fixed buffer during a slow handshake. Here is the bug.
Inside CVE-2023-38545: the libcurl SOCKS5 heap overflow
A single off-by-length check in curl's SOCKS5 handshake, live for over three years across libcurl 7.69.0–8.3.x, earned a 9.8 CVSS score and a CWE-787 out-of-bounds write.
WebP (CVE-2023-4863) Explained: The libwebp Heap Overflow That Patched the Web
CVE-2023-4863 was an actively exploited heap buffer overflow in libwebp's Huffman decoder. Because the codec is vendored everywhere, one bug forced emergency patches across browsers and apps.
Git Heap Buffer Overflow via GIT_PUSH_OPTION_COUNT (CVE-2...
CVE-2022-39260 is a heap overflow in Git from an integer overflow in GIT_PUSH_OPTION_COUNT during git push. What changed, and how to remediate it.
curl CVE-2023-38545: The Worst curl Vulnerability in Years
A heap buffer overflow in curl's SOCKS5 proxy handshake earned a severity rating of HIGH from curl's creator Daniel Stenberg, who called it the worst curl flaw in a long time.