Our team’s vulnerability disclosures 2021
At Faraday, we are part of the open-source community. Our product relies on various open-source projects, and it is released under the GNU General Public License. Fortunately, these practices are becoming more common and, with them, open-source software is increasing its presence in data centers, consumer devices, and applications.
But this can have its drawbacks, too, as this xkcd comic illustrates. In particular, some of the software we use daily does not have security in mind. In many cases, these tools started as small side projects or weekend experiments, and their creators did not foresee the popularity they might achieve in the future. Regardless of why this happens, and after reflecting on this, our research team started a new quest to find and report vulnerabilities in the open-source projects we use every day.
These are the vulnerabilities we’ve disclosed during 2021
– CVE-2021–4021: Uncontrolled resource consumption via specially crafted ELF64 binary for MIPS architecture in radare2.
– CVE-2021–4022: Segfault when analyzing an ELF64 for HPPA architecture in rizin.
– CVE-2021–43814: Heap-based OOB write when parsing dwarf DIE info in Rizin.
– CVE-2021–4166: Out-of-bounds Read while loading session in vim.
– CVE-2021–4192: Use After Free while loading session in vim.
– CVE-2021–4193: Out-of-bounds Read while loading session in vim.
Related Posts
October 7, 2024
Maturity Models in Vulnerability Management: Where Are You At?
Since organizations differ in size, structure, and maturity, there are various vulnerability management models tailored to each. These…
July 29, 2024
Expanded Attack Surface: How to Optimize Time and Resources in Cybersecurity
Security teams of all sizes, from large Fortune 500 companies to small NGOs, face the same problem: a lack of time and an ever-expanding…
July 17, 2024
Using Faraday API for Vulnerability Management
Within our team, we prefer to focus on specific tasks depending on the type of host and the associated vulnerabilities. Exploiting a…