CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Summary: The regular expression /<([^>]+)>; rel="deprecation"/, used to match the Link header in HTTP responses, is vulnerable to a ReDoS (Regular Expression Denial of Service) attack. The pattern's matching cost is unbounded in the length of the header: on crafted input the engine backtracks through every possible end of the [^>]+ capture for every candidate start position, so matching time grows quadratically with the input. An attacker who controls a Link header can exploit this to cause excessive CPU usage and potentially make the process that parses the response unresponsive, impacting service availability. Details: The regular expression captures the content between angle brackets (<>) that is followed by ; rel="deprecation". Because the character class [^>]+ also accepts <, every < in a long run of < characters is a viable start of a match, and the capture can end at any later position, so a specially crafted header forces the engine to re-examine the same characters over and over. For example, the following headers: fakeHeaders.set("link", "<".repeat(100000) + ">"); fakeHeaders.set("deprecation", "true"); The crafted link header consists of 100,000 consecutive < characters followed by a closing >. This input forces the regular expression engine to backtrack extensively in an attempt to match the pattern. As a result, the server can experience a significant i...
Source: Github Advisory Database (NPM)
February 14th, 2025 (5 months ago)
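The cost described above, as an added example that is not the advisory's or the project's code: a step-counting model of how a backtracking regex engine (the kind JavaScript, Perl and PCRE use) processes the pattern, run over the advisory's own input. Only the constructs this pattern needs are modelled (literal, greedy one-or-more class, literal tail). Rust's regex crate is deliberately not used, because it guarantees linear time and therefore cannot show the backtracking cost. The hardened class [^<>]+ is this example's suggestion for breaking the quadratic behaviour, not necessarily the project's actual fix.

```rust
// Added example: step-counting model of a backtracking regex engine on
// `<` CLASS+ `>; rel="deprecation"`. Not the project's code.

const SUFFIX: &[u8] = b"; rel=\"deprecation\"";

/// Captured URL (if the pattern matched) and engine steps spent getting there.
#[derive(Debug, PartialEq)]
pub struct MatchResult {
    pub captured: Option<String>,
    pub steps: u64,
}

/// Matches the way a backtracking engine does: try every start position, let
/// the class consume greedily, then give characters back one at a time until
/// the literal tail fits. `in_class` decides which bytes the class accepts.
pub fn backtracking_match(input: &[u8], in_class: fn(u8) -> bool) -> MatchResult {
    let mut steps: u64 = 0;
    for start in 0..input.len() {
        steps += 1;
        if input[start] != b'<' {
            continue;
        }
        // Greedy phase: consume as many class characters as possible.
        let mut end = start + 1;
        while end < input.len() && in_class(input[end]) {
            end += 1;
            steps += 1;
        }
        // Backtracking phase: shrink the capture until `>` + suffix fits.
        // The class needs at least one character, so never shrink past start + 2.
        let mut k = end;
        while k >= start + 2 {
            steps += 1;
            if input.get(k) == Some(&b'>') && input[k + 1..].starts_with(SUFFIX) {
                let url = String::from_utf8_lossy(&input[start + 1..k]).into_owned();
                return MatchResult { captured: Some(url), steps };
            }
            k -= 1;
        }
    }
    MatchResult { captured: None, steps }
}

/// The advisory's class `[^>]`: it accepts '<', so every '<' in a run both
/// starts a candidate match and is consumed by the previous candidates.
pub fn vulnerable_class(b: u8) -> bool {
    b != b'>'
}

/// Hardened class `[^<>]` (this example's suggestion): a '<' right after the
/// opening '<' fails the class immediately, so each start costs O(1).
pub fn hardened_class(b: u8) -> bool {
    b != b'>' && b != b'<'
}

/// The advisory's attacker input: n '<' characters followed by one '>'.
pub fn malicious_header(n: usize) -> Vec<u8> {
    let mut v = vec![b'<'; n];
    v.push(b'>');
    v
}

fn main() {
    let good = b"<https://example.com/deprecated>; rel=\"deprecation\"";
    println!("legit header: {:?}", backtracking_match(good, vulnerable_class));
    for n in [1_000usize, 10_000] {
        let bad = malicious_header(n);
        let v = backtracking_match(&bad, vulnerable_class).steps;
        let h = backtracking_match(&bad, hardened_class).steps;
        println!("n={n}: vulnerable {v} steps, hardened {h} steps");
    }
}
```

For n leading < characters the vulnerable class costs roughly n² steps (every start position consumes and then unwinds the rest of the run), while the hardened class costs about n; the advisory's 100,000-character header therefore corresponds to on the order of 10^10 engine steps against the original pattern. Bounding the capture length or anchoring the pattern are the other usual ways to cap the cost.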
Description: Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. [...]
Source: BleepingComputer
February 14th, 2025 (5 months ago)
Description: Summary A bug in GitHub's Artifact Attestation CLI tool, gh attestation verify, may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact has an attestation with a predicate type different from the one provided in the command. As a result, users relying solely on these exit codes may mistakenly believe the attestation has been verified, despite the absence of an attestation with the specified predicate type and the tool printing a verification failure. Users are advised to update gh to version v2.67.0 as soon as possible. Initial report: https://github.com/cli/cli/issues/10418 Fix: https://github.com/cli/cli/pull/10421 Details The gh attestation verify command fetches, loads, and attempts to verify attestations associated with a given artifact for a specified predicate type. If an attestation is found, but the predicate type does not match the one specified in the gh attestation verify command, the verification fails, but the program exits early. Due to a re-used uninitialized error variable, when no matching attestations are found, the relevant function returns nil instead of an error, causing the program to exit with a status code of 0, which incorrectly suggests successful verification. PoC Run gh attestation verify with local attestations using the --bundle flag and specify a predicate type with --predicate-typ...
Source: Github Advisory Database (Go)
February 14th, 2025 (5 months ago)
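The control-flow shape behind this advisory, as an added example that is not gh's code: the buggy path keeps an error variable whose untouched initial value already means success (Go's nil error, modelled here as None), so "no attestation matched the predicate type" falls through to exit status 0; the fixed path makes an empty candidate set an error of its own. The attestation list and the non-default predicate type are constructed sample data; the default predicate type is the one named in the advisory.

```rust
// Added example (not gh's code): why "nothing to verify" became exit 0.

pub const DEFAULT_PREDICATE: &str = "https://slsa.dev/provenance/v1";

#[derive(Clone, Debug, PartialEq)]
pub struct Attestation {
    pub predicate_type: String,
    /// Stands in for the outcome of the real signature and policy checks.
    pub signature_ok: bool,
}

#[derive(Debug, PartialEq)]
pub enum VerifyError {
    NoMatchingPredicate { wanted: String },
    BadSignature,
}

/// Buggy shape. `err` mirrors Go's `var err error`, whose zero value (nil,
/// here None) already means "no error". It is only assigned for attestations
/// whose predicate type matches, so when none match the function returns
/// Ok(0): zero attestations verified, reported as success.
pub fn verify_buggy(atts: &[Attestation], wanted: &str) -> Result<usize, VerifyError> {
    let mut err: Option<VerifyError> = None;
    let mut verified = 0;
    for a in atts {
        if a.predicate_type != wanted {
            // The CLI prints a verification failure here, but `err` is untouched.
            eprintln!("predicate type {} does not match {}", a.predicate_type, wanted);
            continue;
        }
        if a.signature_ok {
            verified += 1;
        } else {
            err = Some(VerifyError::BadSignature);
        }
    }
    match err {
        Some(e) => Err(e),
        None => Ok(verified), // Ok(0) when nothing matched
    }
}

/// Fixed shape: filter first and treat an empty candidate set as an error in
/// its own right, so "nothing to verify" can never look like "verified".
pub fn verify_fixed(atts: &[Attestation], wanted: &str) -> Result<usize, VerifyError> {
    let matching: Vec<&Attestation> = atts.iter().filter(|a| a.predicate_type == wanted).collect();
    if matching.is_empty() {
        return Err(VerifyError::NoMatchingPredicate { wanted: wanted.to_string() });
    }
    if matching.iter().any(|a| !a.signature_ok) {
        return Err(VerifyError::BadSignature);
    }
    Ok(matching.len())
}

/// Process exit status a script or CI job would see.
pub fn exit_status(r: &Result<usize, VerifyError>) -> i32 {
    if r.is_ok() { 0 } else { 1 }
}

/// Constructed sample: the artifact carries one attestation, but with a
/// predicate type other than the default provenance type.
pub fn sample_attestations() -> Vec<Attestation> {
    vec![Attestation { predicate_type: "https://example.com/sbom/v1".to_string(), signature_ok: true }]
}

fn main() {
    let atts = sample_attestations();
    let buggy = verify_buggy(&atts, DEFAULT_PREDICATE);
    let fixed = verify_fixed(&atts, DEFAULT_PREDICATE);
    println!("buggy: {:?} -> exit {}", buggy, exit_status(&buggy));
    println!("fixed: {:?} -> exit {}", fixed, exit_status(&fixed));
}
```

The practical lesson for pipelines that gate on gh attestation verify: an exit status alone is a weak signal until the tool is at v2.67.0 or later, and a gate should also require that at least one attestation of the expected predicate type was actually verified.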
Description: Summary A vulnerability in the add_share function of the Rewards pallet (part of the ORML repository) can lead to an uncaught Rust panic when handling user-provided input exceeding the u128 range. Affected Components ORML Rewards pallet (rewards/src/lib.rs) Any Substrate-based chain using ORML Rewards with add_share accepting unvalidated large u128 inputs Technical Details add_share performs arithmetic on user-supplied values (add_amount) of type T::Share (mapped to u128 in Acala). If add_amount is large enough (e.g., i128::MAX), the intermediate result may overflow and panic on the cast to u128. Validation occurs only after arithmetic, enabling a crafted input to trigger an overflow. Impact A malicious user submitting a specially crafted extrinsic can cause a panic in the runtime: Denial of Service by crashing the node process. Potential for invalid blocks produced by validators. Likelihood This issue is exploitable in production if there exists at least one rewards pool where reward tokens exceed twice the collateral tokens, allowing a sufficiently large multiplication to exceed u128 bounds. Remediation This issue is fixed in https://github.com/open-web3-stack/open-runtime-module-library/pull/1016 Backport The patch has been backported to the following release branches: polkadot-stable2407 polkadot-stable2409 A 1.0.1 patch release has been made with this fix. References https://github.com/open-web3-stack/open-runtime-module-library/security/advisories/GHSA-5v93-9mqw-p9mh...
Source: Github Advisory Database (Rust)
February 14th, 2025 (5 months ago)
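The failure mode above, as an added example that is not the pallet's code: a scaled-down model of add_share in which Share and Balance are u64 and the wide intermediate is u128 (standing in for the pallet's u128 and the wider type it multiplies in), so the narrowing cast that the advisory describes can be exercised natively. The vulnerable shape does the arithmetic and the unwrapped cast before validating; the hardened shape validates first, uses checked arithmetic throughout, and commits state only after every step succeeds. The pool values (reward more than twice the shares, the advisory's likelihood condition) and the add_amount are constructed for the example.

```rust
// Added example (not ORML's code): unchecked narrowing cast before validation
// versus checked arithmetic with late commit.
use std::convert::TryFrom;

pub type Share = u64; // stands in for T::Share (u128 in Acala)
pub type Balance = u64;
type Wide = u128; // stands in for the wider intermediate type

#[derive(Clone, Debug, PartialEq)]
pub struct Pool {
    pub total_shares: Share,
    pub total_reward: Balance,
    /// Rewards booked as already withdrawn, so a new share does not
    /// retroactively earn rewards distributed before it existed.
    pub withdrawn: Balance,
}

#[derive(Debug, PartialEq)]
pub enum Error {
    ZeroShare,
    ArithmeticOverflow,
}

/// add_amount * total_reward / total_shares, computed in the wide type.
fn reward_inflation_wide(pool: &Pool, add_amount: Share) -> Wide {
    if pool.total_shares == 0 {
        return 0;
    }
    (add_amount as Wide) * (pool.total_reward as Wide) / (pool.total_shares as Wide)
}

/// Vulnerable shape: the cast back to Balance is unwrapped and runs before any
/// validation. With reward > 2 x shares and add_amount near the signed maximum
/// the inflation no longer fits, and the runtime panics instead of returning Err.
pub fn add_share_vulnerable(pool: &mut Pool, add_amount: Share) -> Balance {
    let inflation = Balance::try_from(reward_inflation_wide(pool, add_amount))
        .expect("reward inflation fits in Balance"); // panics on attacker input
    if add_amount == 0 {
        return 0; // validation, but too late
    }
    pool.total_shares += add_amount;
    pool.total_reward += inflation;
    pool.withdrawn += inflation;
    inflation
}

/// Hardened shape: validate first, checked arithmetic everywhere, no state
/// written until every computation has succeeded.
pub fn add_share_checked(pool: &mut Pool, add_amount: Share) -> Result<Balance, Error> {
    if add_amount == 0 {
        return Err(Error::ZeroShare);
    }
    let new_shares = pool.total_shares.checked_add(add_amount).ok_or(Error::ArithmeticOverflow)?;
    let inflation: Balance = if pool.total_shares == 0 {
        0
    } else {
        let wide = (add_amount as Wide)
            .checked_mul(pool.total_reward as Wide)
            .ok_or(Error::ArithmeticOverflow)?
            / pool.total_shares as Wide;
        Balance::try_from(wide).map_err(|_| Error::ArithmeticOverflow)?
    };
    let new_reward = pool.total_reward.checked_add(inflation).ok_or(Error::ArithmeticOverflow)?;
    let new_withdrawn = pool.withdrawn.checked_add(inflation).ok_or(Error::ArithmeticOverflow)?;
    pool.total_shares = new_shares;
    pool.total_reward = new_reward;
    pool.withdrawn = new_withdrawn;
    Ok(inflation)
}

/// Constructed pool matching the advisory's likelihood condition: reward > 2 x shares.
pub fn sample_pool() -> Pool {
    Pool { total_shares: 1_000, total_reward: 2_500, withdrawn: 0 }
}

/// Runs the vulnerable path on a fresh sample pool and reports whether it panicked.
pub fn vulnerable_panics(add_amount: Share) -> bool {
    std::panic::catch_unwind(|| {
        let mut p = sample_pool();
        add_share_vulnerable(&mut p, add_amount)
    })
    .is_err()
}

fn main() {
    let big = i64::MAX as Share; // stands in for the advisory's i128::MAX
    let mut p = sample_pool();
    println!("checked: {:?}", add_share_checked(&mut p, big));
    println!("vulnerable panics: {}", vulnerable_panics(big));
}
```

In a Substrate runtime the distinction matters beyond correctness: a returned DispatchError fails only the offending extrinsic, whereas a panic inside block execution takes the node or the block with it, which is exactly the denial-of-service the advisory describes.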
Description: The library provides a public safe API, transmute_vec_as_bytes, which incorrectly assumes that any generic type T has a stable, fully initialized layout. This leads to uninitialized memory exposure if a caller passes a type with padding bytes as T and the function casts it to a u8 pointer. In the issue, we develop a PoC showing that passing a struct type to transmute_vec_as_bytes can lead to undefined behavior with Vec::from_raw_parts. The developers provided a patch that changes the trait bound from Copy to Pod, which ensures T is plain data. This was patched in the latest version of the master branch, but not yet in the latest release (0.28.1). References https://github.com/FyroxEngine/Fyrox/issues/630 https://github.com/FyroxEngine/Fyrox/pull/662 https://github.com/FyroxEngine/Fyrox/commit/474e3b01a884366cdb7d704f7456ef692e992232 https://rustsec.org/advisories/RUSTSEC-2024-0435.html https://github.com/advisories/GHSA-h7h7-6mx3-r89v
Source: Github Advisory Database (Rust)
February 14th, 2025 (5 months ago)
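The Copy-versus-Pod distinction above, as an added example that is not Fyrox's code: a minimal unsafe Pod marker trait implemented only for primitive integer and float types, a byte-view function bounded by it, and a Copy struct with padding that the original bound would have accepted. The function name vec_as_bytes and the Padded struct are this example's own; the real bytemuck crate provides an equivalent Pod trait and cast_slice and is the usual choice in production.

```rust
// Added example (not Fyrox's code): gating a bytes view on a Pod marker
// trait rather than on Copy.
use std::mem::size_of;

/// Marker for "plain old data": every byte of a value is initialised and
/// meaningful, so a bytes view of it can never read padding. Implementing it
/// is `unsafe` because the compiler cannot check that claim for you.
pub unsafe trait Pod: Copy {}
unsafe impl Pod for u8 {}
unsafe impl Pod for u16 {}
unsafe impl Pod for u32 {}
unsafe impl Pod for u64 {}
unsafe impl Pod for i32 {}
unsafe impl Pod for f32 {}

/// Hardened counterpart of the advisory's API. Bounded by `Pod`, not `Copy`,
/// and it copies into a fresh Vec<u8> instead of reinterpreting the original
/// allocation with Vec::from_raw_parts (which would also hand a Vec<u8> an
/// allocation that was made with T's alignment).
pub fn vec_as_bytes<T: Pod>(v: &[T]) -> Vec<u8> {
    let byte_len = v.len() * size_of::<T>();
    // SAFETY: T: Pod guarantees all byte_len bytes are initialised, the slice
    // is valid for reads over its whole length, and u8 has alignment 1.
    let bytes = unsafe { std::slice::from_raw_parts(v.as_ptr() as *const u8, byte_len) };
    bytes.to_vec()
}

/// A Copy type with padding: `T: Copy` accepts it, `T: Pod` rejects it at
/// compile time because no impl exists (and one must not be written for it).
#[derive(Clone, Copy, Debug)]
#[repr(C)]
pub struct Padded {
    pub tag: u8,   // offset 0
    pub value: u32, // offset 4, after 3 bytes the compiler never writes
}

/// Number of bytes in Padded that no field ever initialises.
pub fn padding_bytes_in_padded() -> usize {
    size_of::<Padded>() - (size_of::<u8>() + size_of::<u32>())
}

fn main() {
    println!("u32 words as bytes: {:?}", vec_as_bytes(&[0x0102_0304u32, 7]));
    println!(
        "Padded is {} bytes, {} of them padding",
        size_of::<Padded>(),
        padding_bytes_in_padded()
    );
    // vec_as_bytes(&[Padded { tag: 1, value: 2 }]) does not compile: Padded is not Pod.
}
```

The compile-time rejection is the whole point: with the original bound the padded struct's three uninitialised bytes would be handed out as ordinary u8 values, which is the uninitialised-memory exposure the advisory describes.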
Description: Cisco Talos' Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability disclosure policy. For Snort
Source: Cisco Talos Blog
February 14th, 2025 (5 months ago)
Description: A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users. [...]
Source: BleepingComputer
February 14th, 2025 (5 months ago)
Description: A newly discovered phishing campaign targeting Microsoft 365 accounts has been attributed to Russian-linked threat actors, leveraging an advanced technique known as device code authentication phishing. Reports from both Microsoft and cybersecurity firm Volexity indicate that multiple groups have been exploiting this method since mid-2024, targeting government agencies, NGOs, defense organizations, and private companies across …
Source: CyberInsider
February 14th, 2025 (5 months ago)
Description: This week, we discuss Apple's iCloud, Wikipedia as a miracle of humankind, and good soup.
Source: 404 Media
February 14th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling a Chromium Extension and Loader
Source: DarkWebInformer
February 14th, 2025 (5 months ago)