infosec.place

Conversation

buherator

It's not ../, it's a vanilla stack overflow as a result of strncpy with input size.

This company should not exist by now.

https://labs.watchtowr.com/do-secure-by-design-pledges-come-with-stickers-ivanti-connect-secure-rce-cve-2025-0282/

1

2

3

Troed Sångberg

troed@ioc.exchange

Reply to @buherator

@buherator "I am devloper. strncpy is safe because it has 'n'".

1

0

0

buherator

Reply to @troed@ioc.exchange

@troed Devs make mistakes. This should've been caught by a code scanner.

0

0

0