#integeroverflow — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #integeroverflow, aggregated by home.social.
-
🎩✨ Oh joy, yet another riveting exploration of integer overflow checks – because who wouldn't want to dive into the thrilling world of compiler flags and conditional branches? 🤔🔍 Surely, decoding a branch on #x86 is everyone's idea of a fun-filled weekend! 😂🚀
https://danluu.com/integer-overflow/ #integeroverflow #compilerflags #programminghumor #technews #softwaredevelopment #HackerNews #ngated -
🎩✨ Oh joy, yet another riveting exploration of integer overflow checks – because who wouldn't want to dive into the thrilling world of compiler flags and conditional branches? 🤔🔍 Surely, decoding a branch on #x86 is everyone's idea of a fun-filled weekend! 😂🚀
https://danluu.com/integer-overflow/ #integeroverflow #compilerflags #programminghumor #technews #softwaredevelopment #HackerNews #ngated -
🎩✨ Oh joy, yet another riveting exploration of integer overflow checks – because who wouldn't want to dive into the thrilling world of compiler flags and conditional branches? 🤔🔍 Surely, decoding a branch on #x86 is everyone's idea of a fun-filled weekend! 😂🚀
https://danluu.com/integer-overflow/ #integeroverflow #compilerflags #programminghumor #technews #softwaredevelopment #HackerNews #ngated -
🎩✨ Oh joy, yet another riveting exploration of integer overflow checks – because who wouldn't want to dive into the thrilling world of compiler flags and conditional branches? 🤔🔍 Surely, decoding a branch on #x86 is everyone's idea of a fun-filled weekend! 😂🚀
https://danluu.com/integer-overflow/ #integeroverflow #compilerflags #programminghumor #technews #softwaredevelopment #HackerNews #ngated -
🎩✨ Oh joy, yet another riveting exploration of integer overflow checks – because who wouldn't want to dive into the thrilling world of compiler flags and conditional branches? 🤔🔍 Surely, decoding a branch on #x86 is everyone's idea of a fun-filled weekend! 😂🚀
https://danluu.com/integer-overflow/ #integeroverflow #compilerflags #programminghumor #technews #softwaredevelopment #HackerNews #ngated -
From a Silent Math Error to Certificate Bypass: Uncovering an Integer Overflow in a TLS Parser
This article details an integer overflow vulnerability within a Transport Layer Security (TLS) parser. The flaw allowed attackers to bypass certificate checks due to improper validation of parsed values. When the server received maliciously crafted client hello messages containing excessively large extensions, it failed to handle the unexpected data size. As a result, an integer overflow occurred, leading to buffer overflows and arbitrary code execution. The researcher exploited this vulnerability by sending a specially crafted TLS handshake request with extended client hello payloads that contained large, incorrectly parsed values. By modifying the length of extension fields, they tricked the parser into interpreting non-existent data as valid, causing unintended execution of malicious code and certificate bypass. The exploit resulted in a high severity vulnerability (CVE-2018-0204) with a CVSS score of 9.8. The researcher was awarded $36,000 for their findings, and the vendor promptly released patches to address this issue. To prevent similar issues, developers should perform rigorous input validation and limit the size of parsed values during TLS handshake processing. Key lesson: Proper input validation is crucial in TLS parsing to avoid buffer overflows and other security vulnerabilities #BugBounty #Cryptography #TLS #IntegerOverflow #BufferOverFlow -
From a Silent Math Error to Certificate Bypass: Uncovering an Integer Overflow in a TLS Parser
This article details an integer overflow vulnerability within a Transport Layer Security (TLS) parser. The flaw allowed attackers to bypass certificate checks due to improper validation of parsed values. When the server received maliciously crafted client hello messages containing excessively large extensions, it failed to handle the unexpected data size. As a result, an integer overflow occurred, leading to buffer overflows and arbitrary code execution. The researcher exploited this vulnerability by sending a specially crafted TLS handshake request with extended client hello payloads that contained large, incorrectly parsed values. By modifying the length of extension fields, they tricked the parser into interpreting non-existent data as valid, causing unintended execution of malicious code and certificate bypass. The exploit resulted in a high severity vulnerability (CVE-2018-0204) with a CVSS score of 9.8. The researcher was awarded $36,000 for their findings, and the vendor promptly released patches to address this issue. To prevent similar issues, developers should perform rigorous input validation and limit the size of parsed values during TLS handshake processing. Key lesson: Proper input validation is crucial in TLS parsing to avoid buffer overflows and other security vulnerabilities #BugBounty #Cryptography #TLS #IntegerOverflow #BufferOverFlow -
CW: Integer overflow
Integer overflow! Integer overflow!
The battery is labeled 44Ah.
The charger shows -24534 mAh.
Assuming this thing uses an int16 to store the charged capacity its now at 41 Ah charged, which is totally fine for a "dead, to be scrapped" car battery.
(Yes I am doing silly off-grid stuff again)
-
Recent addition to the Newton Glossary describing the “Year 2040 Problem”.
-
Bugs in Gains Network fork let traders profit 900% on every trade: Report - An attacker could have placed a limit buy order with an arbitrarily high... - https://cointelegraph.com/news/bugs-in-unnamed-gains-network-fork-let-traders-profit-900-on-every-trade #holdstationexchange #integeroverflow #cybersecurity #gainsnetwork #holdstation #kravtrade #exploit #zellic #gains #krav
-
Bugs in Gains Network fork let traders profit 900% on every trade: Report - An attacker could have placed a limit buy order with an arbitrarily high... - https://cointelegraph.com/news/bugs-in-unnamed-gains-network-fork-let-traders-profit-900-on-every-trade #holdstationexchange #integeroverflow #cybersecurity #gainsnetwork #holdstation #kravtrade #exploit #zellic #gains #krav
-
Bugs in Gains Network fork let traders profit 900% on every trade: Report - An attacker could have placed a limit buy order with an arbitrarily high... - https://cointelegraph.com/news/bugs-in-unnamed-gains-network-fork-let-traders-profit-900-on-every-trade #holdstationexchange #integeroverflow #cybersecurity #gainsnetwork #holdstation #kravtrade #exploit #zellic #gains #krav
-
Bugs in Gains Network fork let traders profit 900% on every trade: Report - An attacker could have placed a limit buy order with an arbitrarily high... - https://cointelegraph.com/news/bugs-in-unnamed-gains-network-fork-let-traders-profit-900-on-every-trade #holdstationexchange #integeroverflow #cybersecurity #gainsnetwork #holdstation #kravtrade #exploit #zellic #gains #krav
-
Congratulations to #duolingo on passing the first #IntegerOverflow test!
-
Jetzt patchen! Attacken auf Google Chrome | heise online
https://heise.de/-9542935 #Webbrowser #Browser #Chrome #Sicherheitslücken #Speicherfehler #IntegerOverflow -
@hywan gcc is not wrong though. You need to check upfront with a decent bounds check that what you will do is OK in C, rather than do it, then see if something undefined happened.
Unfortunately there weren't good tools in the C or C++ stdlib to do checking for a long time.
For C++: https://learn.microsoft.com/en-us/cpp/safeint/safeint-library
C from c23 has builtins to do this, and each common compiler does too:
https://stackoverflow.com/questions/199333/how-do-i-detect-unsigned-integer-overflow
