Notable vulnerabilities found in high-profile software

UPCOMING:

• OpenSSL MEDIUM severity remote vulnerability. Not reported yet. Will be reported in due time.
• Ripple cryptocurrency rippled remote vulnerability TBA
• EOSIO (EOS cryptocurrency token) 10 remote vulnerabilities TBA

Previous:

• Multiple remote vulnerabilities in SoftEther VPN – https://guidovranken.wordpress.com/2018/01/15/security-audit-of-softether-vpn-finds-11-security-vulnerabilities/
• Stellar cryptocurrency 2 remote vulnerabilities
• Ripple cryptocurrency multiple remote vulnerabilities – https://ripple.com/dev-blog/rippled-version-0-90-1/
• libsrtp multiple vulnerabilities – https://guidovranken.wordpress.com/2018/03/22/full-disclosure-libsrtp-multiple-vulnerabilities/
• Go progamming language incorrect exponentiation – https://github.com/golang/go/issues/22830
• OpenVPN remote buffer overflow (CVE-2017-12166) – https://guidovranken.wordpress.com/2017/09/27/one-more-openvpn-vulnerability-cve-2017-12166/
• FreeRADIUS multiple remote vulnerabilities – https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/
• Multiple critical OpenVPN vulnerabilities – https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
• rpcbind CVE-2017-8779 – https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
• Various mbed TLS issues – https://guidovranken.wordpress.com/2017/03/10/new-vulnerabilities-found-in-mbed-tls/
• OpenSSH – CVE-2016-10012 – https://lwn.net/Articles/709677/
• OpenSSL – CVE-2017-3730 (“moderate” severity) – https://www.openssl.org/news/secadv/20170126.txt
• OpenSSL – remote client memory corruption – https://guidovranken.wordpress.com/2016/10/13/openssl-1-1-0-remote-client-memory-corruption-in-ssl_add_clienthello_tlsext/
• Ruby – arbitrary length OOB read in strscan module – https://guidovranken.wordpress.com/2016/10/10/32-bit-ruby-arbitrary-length-oob-read-in-strscan-module/
• Ruby – heap corruption in string.c tr_trans() due to undersized buffer – https://guidovranken.wordpress.com/2016/06/20/ruby-vulnerability-heap-corruption-in-string-c-tr_trans-due-to-undersized-buffer/
• Ruby – heap corruption in DateTime.strftime() on 32 bit for certain format strings – https://guidovranken.wordpress.com/2016/06/20/ruby-vulnerability-heap-corruption-in-string-c-tr_trans-due-to-undersized-buffer/
• Ruby – StringIO strio_getline() may divulge arbitrary process memory – https://guidovranken.wordpress.com/2016/06/17/ruby-vulnerability-stringio-strio_getline-may-divulge-arbitrary-process-memory/
• Python – heap corruption via Python 2.7.11 IOBase readline() – https://github.com/torproject/tor/commit/6abceca1826a018fb51e419fc4eb9721dd501acf
• Tor – proactive defense against heap corruption – https://github.com/torproject/tor/commit/6abceca1826a018fb51e419fc4eb9721dd501acf
• Tor – heap corruption – https://github.com/torproject/tor/blob/master/changes/bug18162
• OpenSSL – CVE-2016-2177 https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
• OpenSSL – CVE-2016-2105 EVP_EncodeUpdate overflow https://openssl.org/news/secadv/20160503.txt
• OpenSSL – CVE-2016-2106 EVP_EncryptUpdate overflow https://openssl.org/news/secadv/20160503.txt
• OpenSSL – CVE-2016-2176 X509_NAME_oneline() overread on EBCDIC systems https://openssl.org/news/secadv/20160503.txt
• OpenSSL – CVE-2016-0799 BIO_printf heap corruption https://openssl.org/news/secadv/20160301.txt
• OpenSSL – CVE-2016-0797 BN_hex2bn/BN_dec2bn heap corruption https://openssl.org/news/secadv/20160301.txt
• OpenSSL – b2i_PVK_bio heap corruption – https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/
• mbed TLS – potential double free in mbedtls_ssl_conf_psk – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L50
• mbed TLS – potential double free – mbedtls_x509_crt_parse_path https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L53
• mbed TLS – buffer overflow in asn1_write_xxx() functions – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L56
• mbed TLS – CVE-2015-5291 remote heap corruption – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L98
• mbed TLS – potential double free – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L101
• mbed TLS – stack buffer overflow – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L105
• mbed TLS – potential buffer overflow – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L108
• mbed TLS – random memory allocation – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L113
• mbed TLS – base64_encoded() heap buffer overflow – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L117
• mbed TLS – potential double-free in mbedtls_conf_psk() – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L120
• mbed TLS – potential heap overflow – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L123
• Python – CVE-2014-4616 arbitrary memory reads in _json module
• Apache httpd – CVE-2015-0228 remote DoS through stack exhaustion – https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228
• glibc, NetBSD libc – heap overflow in regex library – https://www.kb.cert.org/vuls/id/695940
• libevent – stack buffer overflow – https://github.com/libevent/libevent/issues/318
• libevent – remote DNS stack overread – https://github.com/libevent/libevent/issues/317