Our team’s vulnerability disclosures 2022
Our cybersecurity researchers devote time to reporting vulnerabilities in the open-source projects we use every day, and our interests also extend to IoT, the pervasive products that are part of our lives. These are the CVEs we have reported so far this year. To find them, we used fuzzing techniques and reverse engineering.
CVE-2022-0890: NULL pointer dereference in MRuby
CVE-2022-0632: NULL pointer dereference in MRuby
CVE-2022-0481: NULL pointer dereference in MRuby
CVE-2022-0368: Heap-based out-of-bounds read in Vim
CVE-2022-0326: NULL pointer dereference in MRuby
CVE-2022-0319: Heap-based out-of-bounds read in Vim
CVE-2022-0240: NULL pointer dereference in MRuby
CVE-2022-0128: Heap-based out-of-bounds read in Vim
CVE-2022-29558: Command injection in the formWlSiteSurvey function. This function is part of the web server provided by Realtek’s SDK for Linux-based routers.
CVE-2022-27255: Buffer overflow in the SIP ALG implementation of Realtek’s SDK for eCos-based routers.