Articles about buffer overflow

Cloudbleed: Big web brands 'leaked crypto keys, personal secrets' thanks to Cloudflare bug

Updated Big-name websites potentially leaked people's private session tokens and personal information into strangers' browsers, due to a Cloudflare bug uncovered by Google researchers. As we'll see, a single character – '>' rather than '=' – in Cloudflare's software source code sparked the security blunder. Cloudflare helps companies …
Iain Thomson, 24 Feb 2017

Buffer overflow reported in UEFI EDK1

A pair of security researchers have found a buffer overflow vulnerability within the implementation of the unified extensible firmware interface (UEFI) within the EDK1 project used in firmware development. Bromium researcher Rafal Wojtczuk and MITRE Corp's Corey Kallenberg said the bug in the FSVariable.c source file was …
Darren Pauli, 7 Jan 2015
The Register breaking news

Foxit outfoxes fiendish flaw to fix foxed-up Firefox PDF plugin

Foxit Software has fixed a critical security hole in its PDF plugin for web browsers. A bug in the code allowed overly long URLs in web links to crash the utility - billed as a "better" alternative to Adobe's software - or potentially inject malicious code into vulnerable Windows systems. The stack-based buffer overflow flaw …
John Leyden, 22 Jan 2013
The Register breaking news

Bug exposes eight years of Linux kernel

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover. The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead …
Dan Goodin, 14 Aug 2009
channel

Apple fans besieged by iPhone Trojan and iTunes attack

Apple fans are under attack on multiple fronts. Security researchers have discovered an unpatched vulnerability in Apple's iTunes and QuickTime software that creates an opportunity to crash browser applications. The flaw might also open up a route to inject hostile code onto vulnerable systems, though this remains unproven. …
John Leyden, 19 Sep 2008
Cisco logo

Cisco plugs online meeting bug

Cisco has plugged a buffer overflow flaw involving its popular WebEx online meeting client. The vulnerability, which involves a bug in an ActiveX control, was revealed in a posting by security researcher Elazar Broad on 6 August, more than a week before Cisco issued an advisory on Friday (15 August). Cisco told Broad it was …
John Leyden, 18 Aug 2008
The Register breaking news

µTorrent silently fixes long-standing zero-day vuln

Popular BitTorrent client µTorrent has quietly patched a vulnerability that created a means for hackers to load malware onto the PCs of file-sharers simply by persuading them to open a poisoned Torrent. The Hollywood-dream bug stemmed from a stack-based buffer overflow vulnerability and offered far more potential for mischief …
John Leyden, 14 Aug 2008
The Register breaking news

Oracle breaks patch cycle with emergency fix

Oracle broke its regular patch release cycle on Wednesday to issue a patch for a vulnerability in WebLogic that has become the target of hacker attacks over recent days. Multiple versions of Oracle (formerly BEA) WebLogic application server software are affected by a buffer overflow flaw involving the Apache plug-in component …
John Leyden, 7 Aug 2008
Oracle

Oracle warns over unpatched vuln

Oracle has decided to break its quarterly update release cycle with plans to develop a patch against a zero-day exploit. The planned fix addresses a buffer overflow flaw in Oracle WebLogic Server which creates a means for hackers to plant malware onto targeted systems. By sending a specially-malformed HTTP POST request …
John Leyden, 29 Jul 2008
channel

Al-Qaeda targets net-connected coffee machine

An Aussie risk advisory services manager has issued a chilling security alert concerning the Jura F90 net-connected coffee machine, warning caffeine-heads that the hi-tech brewing device could open their Windows PC to exploitation by internet paedophiles and al-Qaeda*, CNET reports. The Jura F90 Craig Wright, who works for " …
Lester Haines, 18 Jun 2008

Torrent overflows Opera

Opera has fixed a flawed involving how its browser handles Torrent files that allowed hackers to attack vulnerable systems. A boundary error in handling certain types of Torrent files exposed version 9.x of the browser to a stack-based buffer overflow, providing a user right-clicks a malicious Torrent entry in the transfer …
John Leyden, 23 May 2007

Create a news alert about buffer overflow, or find more stories about buffer overflow.

Biting the hand that feeds IT © 1998–2018