Multiple vulnerabilities in radare2
| CENSUS ID: | CENSUS-2022-0001 |
| CVE IDs: | CVE-2022-0419, CVE-2021-44974, CVE-2021-44975 |
| Affected Products: | radare2 versions prior to 5.6.0 |
| Class: | NULL pointer dereference (CWE-476), Heap-based buffer overflow (CWE-122) |
| Discovered by: | Angelos T. Kalaitzidis |
CENSUS identified a number of NULL pointer dereference and Heap buffer overflow bugs in the radare2 project code. Radare2 is a popular reverse engineering framework. CENSUS has verified that release 5.6.0 of radare2 carries the appropriate fixes to remediate all of the identified issues.
Microchip cryptoauthlib atcab_genkey_base buffer overflow
| CENSUS ID: | CENSUS-2020-0004 |
| CVE ID: | CVE-2019-16129 |
| Affected Products: | cryptoauthlib versions prior to "20191122" |
| Class: | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120) |
| Discovered by: | George Poulios |
CENSUS identified a buffer overflow vulnerability in the atcab_genkey_base function of the cryptoauthlib library. This library is part of the standard SDK provided by Microchip and is used to drive the operation of cryptographic co-processors sold by the vendor, such as the ATECC608A. An attacker with physical access to an embedded device where a microcontroller unit executes a vulnerable version of this library, may be able to execute arbitrary code on the microcontroller, by supplying malicious input to the microcontroller. Affected manufacturers of embedded systems that use Microchip cryptographic co-processors, are strongly recommended to update to at least version "20191122" of the "cryptoauthlib" library.
Microchip cryptoauthlib atcab_sign_base buffer overflow
| CENSUS ID: | CENSUS-2020-0003 |
| CVE ID: | CVE-2019-16128 |
| Affected Products: | cryptoauthlib versions prior to "20191122" |
| Class: | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120) |
| Discovered by: | George Poulios |
CENSUS identified a buffer overflow vulnerability in the atcab_sign_base function of the cryptoauthlib library. This library is part of the standard SDK provided by Microchip and is used to drive the operation of cryptographic co-processors sold by the vendor, such as the ATECC608A. An attacker with physical access to an embedded device where a microcontroller unit executes a vulnerable version of this library, may be able to execute arbitrary code on the microcontroller, by supplying malicious input to the microcontroller. Affected manufacturers of embedded systems that use Microchip cryptographic co-processors, are strongly recommended to update to at least version "20191122" of the "cryptoauthlib" library.
GDCM buffer overflow in ImageRegionReader :: ReadIntoBuffer
| CENSUS ID: | CENSUS-2016-0001 |
| CVE ID: | CVE-2015-8396 |
| Affected Products: | Applications using GDCM versions < 2.6.2 and the ImageRegionReader :: ReadIntoBuffer API call |
| Class: | Integer Overflow or Wraparound (CWE-190) |
| Discovered by: | Stelios Tsampas |
Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical images. It provides routines to view and manipulate a wide range of image formats and can be accessed through many popular programming languages like Python, C#, Java and PHP. Various applications that make use of GDCM are listed here and here.