Tagged: Cybersecurity Alert

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element. More...

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic. More information : https://git.9front.org/plan9front/9front/70c97c334171c715df82774d1a47638abaca2db4/commit.html

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs. More information : https://go.dev/cl/781620

For certain crafted inputs, a ‘ed25519.PrivateKey’ was created by casting malformed wire bytes, leading to a panic when used. More information : https://go.dev/cl/781360

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied...

Previously, a revoked ‘SignatureKey’ belonging to a CA was not correctly checked for revocation. Now, both the ‘key’ and ‘key.SignatureKey’ are checked for @revoked. More information : https://go.dev/cl/781220

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped. More information : https://go.dev/cl/781642

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets...

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking...

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now...

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption...

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection’s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource...

The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore...

When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on...