Faraday
Published in Faraday

Our team’s vulnerability disclosures 2022

Our cybersecurity researchers devote time to reporting vulnerabilities in the open-source projects we use every day, but our interests also extend to IoT: pervasive products that are part of our lives. These are the CVEs we have reported so far this year. To find them, we used fuzzing techniques and reverse engineering.

CVE-2022-0890: NULL pointer dereference in MRuby

CVE-2022-0632: NULL pointer dereference in MRuby

CVE-2022-0481: NULL pointer dereference in MRuby

CVE-2022-0368: Heap-based out-of-bounds read in Vim

CVE-2022-0326: NULL pointer dereference in MRuby

CVE-2022-0319: Heap-based out-of-bounds read in Vim

CVE-2022-0240: NULL pointer dereference in MRuby

CVE-2022-0128: Heap-based out-of-bounds read in Vim

CVE-2022-29558: Command injection in the formWlSiteSurvey function. This function is part of the web server provided by Realtek’s SDK for Linux-based routers.

CVE-2022-27255: Buffer overflow in the SIP ALG implementation of Realtek’s SDK for eCos-based routers.
