Our team’s vulnerability disclosures 2022

Our cybersecurity researchers devote time to reporting vulnerabilities in the open-source projects we use every day, but our interests also extend to IoT, the pervasive products that are part of our lives. These are the CVEs we have reported so far this year. To find them, we used fuzzing techniques and reverse engineering.
CVE-2022-0890: NULL pointer dereference in MRuby
CVE-2022-0632: NULL pointer dereference in MRuby
CVE-2022-0481: NULL pointer dereference in MRuby
CVE-2022-0368: Heap-based out-of-bounds read in Vim
CVE-2022-0326: NULL pointer dereference in MRuby
CVE-2022-0319: Heap-based out-of-bounds read in Vim
CVE-2022-0240: NULL pointer dereference in MRuby
CVE-2022-0128: Heap-based out-of-bounds read in Vim
CVE-2022-29558: Command injection in the formWlSiteSurvey function. This function is part of the web server provided by Realtek’s SDK for Linux-based routers.
CVE-2022-27255: Buffer overflow in the SIP ALG implementation of Realtek’s SDK for eCos-based routers.