honggfuzz alive and kicking. stack based buffer overflow in libxml2 - https://issues.oss-fuzz.com/issues/392687022

I remember in the mid ‘90s, Bill Gates said something like ‘if the car industry had improved at the same rate as the computer industry, cars would go at a thousand miles per hour and get thousands of miles per gallon’ and someone at a car manufacturer replied that their customers are quite glad that the cars don’t crash several times a day.

I am starting to wonder if Tesla is an elaborate piece of performance art in support of this joke.

"the real question is if we can convince European governments and Europeans to innovate for their continued survival as a free and (climate) safe continent" - no pressure people.

My slides from today's talk about Static Program Analysis. I go into how data flow analysis (like taint propagation in CodeQL) works from first principles - should be digestible with some first-year university maths knowledge

https://zeyu2001.github.io/cam-ib-tech-talk/

Recursion kills: The story behind CVE-2024-8176 / Expat 2.7.0 released, includes security fixes

https://blog.hartwork.org/posts/expat-2-7-0-released/

@hanno asks for expert xdev review on oss-security:

https://www.openwall.com/lists/oss-security/2025/03/14/7

Hey hey, you thought there be no #nakeddiefriday today? Here we go!

Today's entry is an Infineon/Siemens SAB-C167CR-LM, a microcontroller based on the C166 core. The die is in pleasant-looking pastel colours. :-) The die has pin 1 in top left corner. I'll do a short thread.

Many thanks to @debauer for supplying the samples!

SiPron page with more info and full-res map: https://siliconpr0n.org/archive/doku.php?id=infosecdj:infineon:sab-c167cr-lm

#electronics #silicon #reverseengineering #microscopy

Less than 30 minutes until our 5.0 live stream! Join us to see all the latest features either on dev now or coming very soon:

https://www.youtube.com/@vector35/live

Kernel Shared Cache, Unions, Stack Array Creation, and so much more...

PHP security releases 8.4.5, 8.3.19, 8.2.28, 8.1.32

https://www.openwall.com/lists/oss-security/2025/03/14/6

CVE data collected by Alan Coopersmith:

"Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes
Use-After-Free). (CVE-2024-11235)
https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477

Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when
requesting a redirected resource). (CVE-2025-1219)
https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc

Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic
auth header). (CVE-2025-1736)
https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528

Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to
1024 bytes). (CVE-2025-1861)
https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff

Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers
without colon). (CVE-2025-1734)
https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44

Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not
handle folded headers). (CVE-2025-1217)
https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g "

#PHP

🧟‍♂️ Finding dead bodies

A pad about find dead code using code coverage tools.
It was made by one of us for a talk at the rev.ng hour of some years ago.

More effort than required was put in the image but the results was undoubtedly great.

https://pad.rev.ng/s/CwdCrM68Z#

Deobfuscation with rev.ng and LLVM

OpenAI asks US government for the moon on a stick (because CHINA)

https://pivot-to-ai.com/2025/03/14/openai-asks-the-us-government-for-the-moon-on-a-stick/ - text
https://www.youtube.com/watch?v=6VxrrCdMdL0 - video

My contempt for anyone involved with this drivel knows few limits. Conflating issues and fear mongering because a Chinese company dared to publish an actual open model:

https://techcrunch.com/2025/03/13/openai-calls-deepseek-state-controlled-calls-for-bans-on-prc-produced-models/

And trying to talk about copyright after training in Libgen.

Hypocrisy, lies, grifting :-( - the level of despicable behavior is just out of this world.

wild how the media has fully given up on using the word “lie” as powerful people just bullshit constantly

it’s always “contradicted earlier statements” or “made claims that do not align with the facts” like girl just say they knowingly made shit up, we all see it

This "analysis" by Wallarm - claiming active exploitation of CVE-2025-24813 Tomcat RCE - is wrong in multiple ways (maybe LLM slop?):

https://web.archive.org/web/20250314071219/https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/

There is a PoC on GitHub too now - it improves my findings by directly invoking the session corresponding to the saved object so you don't have to wait for periodic refreshes:

https://github.com/iSee857/CVE-2025-24813-PoC/

This PoC will raise the EPSS score too.

Edit: Wallarm published an update showing that exploit traffic was detected before a PoC was public. Problem is my writeup&PoC was published well before their detection :P

In this demonstration I show the impact of CVE-2025-25291/CVE-2025-25292, an authentication bypass in ruby-saml used by high profile OSS projects such as GitLab. My team coordinated with both the ruby-saml maintainer and GitLab to get this vulnerability fixed and patches are available at https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/

this is so so so wild, must read:

https://www.404media.co/super-nintendo-hardware-is-running-faster-as-it-ages/

Kompromisse 🙂

now these were Computers:

https://www.youtube.com/watch?v=oLnvvOoWnzU

🚀 We’re working on a new user interface for http://draw.io! 🎨 Check out the details here 👉 https://github.com/jgraph/drawio/discussions/4953 — and let us know what you think! Your feedback will help shape the future of http://draw.io! 💡😊 #drawio #UI

Cool stuff for sale on Ebay! "1216428-301 Lockheed Martin Target ECM Combiner Circuit Card Assembly"

https://www.ebay.com/itm/203918329141