CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
[@lodestar/reqresp] Lodestar snappy decompression issue
Description: Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork (network partition requiring hard fork) Description Lodestar client may fail to decode snappy framing compressed messages. Vulnerability Details In Req/Resp protocol the message are encoded by using ssz_snappy encoding, which is basically snappy framing compression over ssz encoded message. It's mentioned here - https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/p2p-interface.md The token of the negotiated protocol ID specifies the type of encoding to be used for the req/resp interaction. Only one value is possible at this time: ssz_snappy: The contents are first SSZ-encoded and then compressed with Snappy frames compression. For objects containing a single field, only the field is SSZ-encoded not a container with a single field. For example, the BeaconBlocksByRoot request is an SSZ-encoded list of Root's. This encoding type MUST be supported by all clients. In snappy framing format there a few types of chunks. We are interested in so called reserved skippable chunks. These are chunks with chunk type in range [0x80, 0xfd] Let's see how rust snappy handles them https://github.com/BurntSushi/rust-snappy/blob/master/src/read.rs#L137 impl<R: io::Read> io::Read for FrameDecoder<R> { fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { ... ... let len = len64 as usize; match ty { ...
Source: Github Advisory Database (NPM)
January 14th, 2025 (6 months ago)
[@lodestar/reqresp] Lodestar snappy checksum issue
Description: Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork (network partition requiring hard fork) Lodestar does not verify checksum in snappy framing uncompressed chunks. Vulnerability Details In Req/Resp protocol the messages are encoded by using ssz_snappy encoding, which is a snappy framing compression over ssz encoded message. In snappy framing format there are uncompressed chunks, each such chunk is prefixed with a checksum. Let's see how golang implementation parses such chunks - https://github.com/golang/snappy/blob/master/decode.go#L176 case chunkTypeUncompressedData: // Section 4.3. Uncompressed data (chunk type 0x01). if chunkLen < checksumSize { r.err = ErrCorrupt return r.err } buf := r.buf[:checksumSize] if !r.readFull(buf, false) { return r.err } checksum := uint32(buf[0]) | uint32(buf[1])<<8 | uint32(buf[2])<<16 | uint32(buf[3])<<24 // Read directly into r.decoded instead of via r.buf. n := chunkLen - checksumSize if n > len(r.decoded) { r.err = ErrCorrupt return r.err } if !r.readFull(r.decoded[:n], false) { return r.err } if crc(r.decoded[:n]) != checksum { r.err = ErrCorrupt return r.err } ...
Source: Github Advisory Database (NPM)
January 14th, 2025 (6 months ago)
[silverstripe/framework] Silverstripe Framework has a XSS via insert media remote file oembed
Description: Impact When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. References https://www.silverstripe.org/download/security-releases/cve-2024-47605 References https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82 https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a https://www.silverstripe.org/download/security-releases/cve-2024-47605 https://github.com/advisories/GHSA-7cmp-cgg8-4c82
Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)
[silverstripe/framework] Silverstripe Framework has a XSS in form messages
Description: In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. References https://www.silverstripe.org/download/security-releases/cve-2024-53277 Reported by Leo Diamat from Bastion Security Group References https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5 https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00 https://www.silverstripe.org/download/security-releases/cve-2024-53277 https://github.com/advisories/GHSA-ff6q-3c9c-6cf5
Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)
[silverstripe/framework] Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
Description: [!IMPORTANT] This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode. See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information. If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message. References https://www.silverstripe.org/download/security-releases/ss-2024-002 Reported by Gaurav Nayak from Chaleit References https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8 https://www.silverstripe.org/download/security-releases/ss-2024-002 https://github.com/advisories/GHSA-mqf3-qpc3-g26q
Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)
Microsoft Rings in 2025 With Record Security Update
Description: Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
Source: Dark Reading
January 14th, 2025 (6 months ago)
A Threat Actor Claims to be Selling Access to an Unidentified Polish Group of Companies
Description: A Threat Actor Claims to be Selling Access to an Unidentified Polish Group of Companies
Source: DarkWebInformer
January 14th, 2025 (6 months ago)
Allstate car insurer sued for tracking drivers without permission
Description: Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans. [...]
Source: BleepingComputer
January 14th, 2025 (6 months ago)
January Windows updates may fail if Citrix SRA is installed
Description: Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if&nbsp;Citrix Session Recording Agent (SRA) version 2411 is installed on the device. [...]
Source: BleepingComputer
January 14th, 2025 (6 months ago)
Patch Tuesday - January 2025
Description: Eight 0-days. Access: triple zero-day RCE; Hyper-V NT Kernel Integration VSP: triple zero-day EoP; Windows Themes: zero-day NTLM disclosure; Windows Installer: zero-day EoP; PGM: critical RCE; OLE: critical RCE.
Source: Rapid7
January 14th, 2025 (6 months ago)