A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated attacker full remote code execution on the underlying server. The vulnerability, ...

This excerpt is from Chapter 7, Buffer Overflow of Exploiting Software: How to Break Code written by Greg Hoglund and Gary McGraw, and published by Addison-Wesley ...

Buffer overflow attack examples Buffer overflows typically have a high severity ranking because they can lead to unauthorized code execution in cases where attackers can control the overwritten memory ...

A stack-based buffer overflow vulnerability in HP VoIP phones allows remote attackers to execute arbitrary code with root ...

At first glance, Matthew Macy seemed like a perfectly reasonable choice to port WireGuard into the FreeBSD kernel. WireGuard is an encrypted point-to-point tunneling protocol, part of what most people ...

For roughly 18 years, a chunk of code inside one of the internet’s most popular web servers quietly carried a critical security flaw. Nobody caught it. Not the open-source contributors who maintained ...

Researchers at IBM disclosed a serious buffer overflow vulnerability in Android 4.3 and earlier that could lead to code execution. The bug is patched in KitKat, but most users are on older versions. A ...

Developers at PHP recently patched a bug that can lead to a heap-based buffer overflow. UPDATE Developers at PHP recently pushed out a series of patches to fix a handful of vulnerabilities, including ...

Can there be too much of a good thing? That’s certainly true for computer input. Do an Internet search on the term buffer overflow, and you’ll come up with hundreds of thousands of links, most related ...

Security researchers Vladimir Kiriansky and Carl Waldspurger have uncovered two buffer-overflow derivatives of the Spectre microprocessor bug. In a paper describing the flaws – dubbed Spectre 1.1 and ...