Our team’s vulnerability disclosures 2022

Our cybersecurity researchers devote time to reporting vulnerabilities in the open-source projects we use every day, and our interests also extend to IoT, the pervasive products that are part of our lives. These are the CVEs we have reported so far this year. We found them using fuzzing techniques and reverse engineering.
CVE-2022-0890: NULL pointer dereference in MRuby
CVE-2022-0632: NULL pointer dereference in MRuby
CVE-2022-0481: NULL pointer dereference in MRuby
CVE-2022-0368: Heap-based out-of-bounds read in Vim
CVE-2022-0326: NULL pointer dereference in MRuby
CVE-2022-0319: Heap-based out-of-bounds read in Vim
CVE-2022-0240: NULL pointer dereference in MRuby
CVE-2022-0128: Heap-based out-of-bounds read in Vim
CVE-2022-29558: Command injection in the formWlSiteSurvey function. This function is part of the web server provided by Realtek’s SDK for Linux-based routers.
CVE-2022-27255: Buffer overflow in the SIP ALG implementation of Realtek’s SDK for eCos-based routers.