Description: Impact: unintended permanent chain split affecting 25% or more of the network, requiring a hard fork (network partition requiring hard fork).
Lodestar does not verify the checksum of uncompressed chunks in snappy framing.
Vulnerability Details
In the Req/Resp protocol, messages are encoded with ssz_snappy: snappy framing compression applied to the SSZ-encoded message.
The snappy framing format has uncompressed chunks (chunk type 0x01); each such chunk carries a 4-byte checksum (masked CRC-32C of the chunk data) in front of the data, and a conforming decoder must reject the chunk when the checksum does not match.
For comparison, this is how the Go implementation parses such chunks and fails with ErrCorrupt on a checksum mismatch - https://github.com/golang/snappy/blob/master/decode.go#L176
```go
case chunkTypeUncompressedData:
	// Section 4.3. Uncompressed data (chunk type 0x01).
	// The chunk must at least hold the 4-byte checksum.
	if chunkLen < checksumSize {
		r.err = ErrCorrupt
		return r.err
	}
	buf := r.buf[:checksumSize]
	if !r.readFull(buf, false) {
		return r.err
	}
	// Little-endian masked CRC-32C stored in front of the data.
	checksum := uint32(buf[0]) | uint32(buf[1])<<8 | uint32(buf[2])<<16 | uint32(buf[3])<<24
	// Read directly into r.decoded instead of via r.buf.
	n := chunkLen - checksumSize
	if n > len(r.decoded) {
		r.err = ErrCorrupt
		return r.err
	}
	if !r.readFull(r.decoded[:n], false) {
		return r.err
	}
	// Recompute the masked CRC over the data and reject a mismatch.
	if crc(r.decoded[:n]) != checksum {
		r.err = ErrCorrupt
		return r.err
	}
	...
```
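As an added example (not Lodestar's or golang/snappy's code), the following Go program frames data as snappy uncompressed chunks and then decodes it twice: once checking the masked CRC-32C that prefixes each uncompressed chunk, and once skipping that check, which is the behaviour the advisory describes. The payload bytes and the corruption step are constructed for the demo, the function names are this example's own, and compressed chunks (type 0x00) are deliberately rejected rather than decompressed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Snappy framing format constants (framing_format.txt in the snappy repo).
const (
	chunkTypeCompressed   = 0x00
	chunkTypeUncompressed = 0x01
	chunkTypeStreamID     = 0xff
	maxUncompressedChunk  = 65536 // uncompressed data per chunk is capped at 64 KiB
)

var streamID = []byte("sNaPpY")
var castagnoli = crc32.MakeTable(crc32.Castagnoli)

// maskedCRC computes the CRC-32C of data and applies the framing format's mask:
// rotate right by 15 bits, then add 0xa282ead8 modulo 2^32.
func maskedCRC(data []byte) uint32 {
	c := crc32.Checksum(data, castagnoli)
	return ((c >> 15) | (c << 17)) + 0xa282ead8
}

// writeChunk appends one chunk: 1-byte type, 3-byte little-endian length, body.
func writeChunk(dst []byte, typ byte, body []byte) []byte {
	n := len(body)
	dst = append(dst, typ, byte(n), byte(n>>8), byte(n>>16))
	return append(dst, body...)
}

// EncodeUncompressed emits a stream identifier followed by uncompressed chunks
// (type 0x01), each prefixed with the masked CRC-32C of its data.
func EncodeUncompressed(data []byte) []byte {
	out := writeChunk(nil, chunkTypeStreamID, streamID)
	for len(data) > 0 {
		n := len(data)
		if n > maxUncompressedChunk {
			n = maxUncompressedChunk
		}
		body := make([]byte, 4, 4+n)
		binary.LittleEndian.PutUint32(body, maskedCRC(data[:n]))
		body = append(body, data[:n]...)
		out = writeChunk(out, chunkTypeUncompressed, body)
		data = data[n:]
	}
	return out
}

// DecodeFramed parses stream-identifier, uncompressed and skippable chunks.
// With verify=true every uncompressed chunk's checksum is checked (what
// golang/snappy does); with verify=false it is ignored (the missing check).
func DecodeFramed(stream []byte, verify bool) ([]byte, error) {
	var out []byte
	for len(stream) > 0 {
		if len(stream) < 4 {
			return nil, errors.New("truncated chunk header")
		}
		typ := stream[0]
		n := int(stream[1]) | int(stream[2])<<8 | int(stream[3])<<16
		stream = stream[4:]
		if n > len(stream) {
			return nil, errors.New("truncated chunk body")
		}
		body := stream[:n]
		stream = stream[n:]
		switch {
		case typ == chunkTypeStreamID:
			if string(body) != string(streamID) {
				return nil, errors.New("bad stream identifier")
			}
		case typ == chunkTypeUncompressed:
			if n < 4 {
				return nil, errors.New("uncompressed chunk shorter than checksum")
			}
			want := binary.LittleEndian.Uint32(body[:4])
			data := body[4:]
			if len(data) > maxUncompressedChunk {
				return nil, errors.New("uncompressed chunk exceeds 64 KiB")
			}
			if verify && maskedCRC(data) != want {
				return nil, fmt.Errorf("checksum mismatch: got %08x want %08x", maskedCRC(data), want)
			}
			out = append(out, data...)
		case typ == chunkTypeCompressed:
			return nil, errors.New("compressed chunks are not handled in this example")
		case typ >= 0x80 && typ <= 0xfd:
			// Skippable chunk: ignored by definition.
		default:
			return nil, fmt.Errorf("unsupported reserved chunk type 0x%02x", typ)
		}
	}
	return out, nil
}

// CorruptPayload flips one byte of the first uncompressed chunk's data while
// leaving its stored checksum intact (constructed tampering for the demo).
func CorruptPayload(stream []byte) []byte {
	tampered := append([]byte(nil), stream...)
	const firstDataByte = 10 + 4 + 4 // stream-id chunk, chunk header, checksum
	if len(tampered) > firstDataByte {
		tampered[firstDataByte] ^= 0x01
	}
	return tampered
}

func main() {
	good := EncodeUncompressed([]byte("constructed ssz payload"))
	bad := CorruptPayload(good)
	_, err := DecodeFramed(bad, true)
	fmt.Println("verifying decoder:", err)
	data, _ := DecodeFramed(bad, false)
	fmt.Printf("non-verifying decoder accepts: %q\n", data)
}
```

The non-verifying decoder returns the altered bytes without any error, so a corrupted or tampered chunk reaches SSZ deserialisation instead of being dropped as ErrCorrupt; the verifying decoder fails on the same input before any data is returned.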
January 14th, 2025
Description: Impact: when using the "insert media" functionality, the linked oEmbed JSON includes an `html` field whose content replaces the embed shortcode. That HTML is not sanitised before it replaces the shortcode, so a script payload can execute both in the CMS and on the front end of the website.
References
https://www.silverstripe.org/download/security-releases/cve-2024-47605
https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82
https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a
https://github.com/advisories/GHSA-7cmp-cgg8-4c82
January 14th, 2025
Description: In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.
Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.
Reported by
Leo Diamat from Bastion Security Group
References
https://www.silverstripe.org/download/security-releases/cve-2024-53277
https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5
https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00
https://github.com/advisories/GHSA-ff6q-3c9c-6cf5
January 14th, 2025
Description: Important: this vulnerability only affects sites running in the "dev" environment mode. If a production website is in "dev" mode it has been misconfigured and should be switched to "live" mode immediately.
See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.
When a website is set to the "dev" environment mode, a URL can be crafted to include an XSS payload that is executed in the resulting error message.
Reported by
Gaurav Nayak from Chaleit
References
https://www.silverstripe.org/download/security-releases/ss-2024-002
https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q
https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8
https://github.com/advisories/GHSA-mqf3-qpc3-g26q
January 14th, 2025
Description: Microsoft has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
January 14th, 2025
Description: A Threat Actor Claims to be Selling Access to an Unidentified Polish Group of Companies
January 14th, 2025
Description: Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans. [...]
January 14th, 2025
Description: Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent (SRA) version 2411 is installed on the device. [...]
January 14th, 2025
Description: Eight zero-days. Microsoft Access: three zero-day RCEs; Hyper-V NT Kernel Integration VSP: three zero-day EoPs; Windows Themes: zero-day NTLM hash disclosure; Windows Installer: zero-day EoP; PGM: critical RCE; OLE: critical RCE.
January 14th, 2025
Description: Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups.
January 14th, 2025