< ciso
brief />
Tag Banner

All news with #buffer overflow tag

47 articles

F5 issues patches for two critical NGINX flaws

🛡️ F5 released updates to fix two critical vulnerabilities in NGINX Open Source that can allow remote code execution. CVE-2026-42530 is a use-after-free in the HTTP/3 QUIC module and CVE-2026-42055 is a heap-based buffer overflow affecting proxy and gRPC modules when specific directives are set. Patches are available across NGINX Open Source, NGINX Plus, Gateway Fabric, Instance Manager, WAF, DoS modules and Ingress Controller versions. Mitigations include disabling HTTP/3 for CVE-2026-42530 and adjusting ignore_invalid_headers or large_client_header_buffers settings for CVE-2026-42055.
read more →

F5 issues out‑of‑band patches for critical NGINX flaws

🔒 F5 released out-of-band updates to fix multiple NGINX vulnerabilities, including two critical flaws in the ngx_http_v3_module and ngx_http_proxy_v2/_grpc modules that can lead to DoS or code execution. The bugs cause use‑after‑free or heap buffer overflow in worker processes and affect NGINX Plus, Open Source, Gateway Fabric, and Instance Manager. Mitigations include disabling HTTP/3 and adjusting header buffer directives until patches are applied.
read more →

RSLinx Classic vulnerability advisory and mitigations

🔒 This advisory describes a stack-based buffer overflow and an out-of-bounds read in Rockwell Automation RSLinx Classic Third-Party components that can cause denial of service or enable remote code execution. Rockwell recommends upgrading to version 4.60.00 or later or applying patch BF31213 where upgrades are not possible. CISA urges minimizing network exposure, isolating control systems behind firewalls, and using secure remote access methods such as updated VPNs while performing impact analysis and risk assessments.
read more →

Hitachi Energy MACH HiDraw Heap Overflow Patch

🔒 Hitachi Energy reported a heap-based buffer overflow in MACH HiDraw XML parser where an authenticated local user can trigger memory corruption using a crafted XML file. Successful exploitation may cause application crashes (DoS) or enable arbitrary code execution. A vendor fix is available in version 9.23; contact your local account team for upgrade assistance. CISA recommends network segmentation, firewall controls, and minimizing exposure of control systems to the internet.
read more →

Critical HP Poly VoIP Flaw Enables Remote Root Access

🔒 HP has released patches for a critical buffer overflow in multiple IP conference phones in its Poly Voice line that can allow unauthenticated attackers to gain root on affected devices. The issue, tracked as CVE-2026-0826 and rated 9.2 CVSS, stems from SDP parsing when the ICE feature is enabled; administrators are advised to disable ICE if not needed. Rapid7 researchers released a Metasploit exploit demonstrating the vulnerability, and HP has issued UCS updates to remediate the affected VVX and Trio models.
read more →

XCharge C6 charger firmware and access vulnerabilities

🔒 CISA reports critical vulnerabilities in the XCharge C6 electric vehicle charging controller that could allow attackers to gain administrator rights or execute arbitrary code. A firmware update mechanism lacks signature validation, a stack-based buffer overflow exists in signal processing, and a management service exposes default credentials over the charging interface. XCharge has deployed updates for affected units; users should contact XCharge Support for details.
read more →

DICOM Heap Overflows: Orthanc, pydicom, GDCM Risks

🔍 This white paper examines DICOM parsing risks and demonstrates how malformed medical images can lead to heap overflow vulnerabilities during ingestion. It outlines a concrete case where an Orthanc server is targeted during image upload, producing an out-of-bounds write. The analysis highlights interactions between pydicom, GDCM, and Orthanc, and emphasizes the importance of robust parsing and hardening in PACS environments.
read more →

Four MediaInfoLib Heap Buffer Overflows Patched

🛡️ Cisco Talos disclosed four heap-based buffer overflow vulnerabilities in the MediaArea MediaInfoLib (v26.01) library, all of which can lead to arbitrary code execution when processing a malicious media file. The issues were found by Dimitrios Tatsis of Talos and have been patched by the vendor per Cisco’s third-party disclosure policy. Users can obtain Snort rules to detect exploitation and consult Talos for vulnerability advisories. Administrators should update MediaInfoLib to the vendor-released fixed versions promptly.
read more →

ABB Terra AC Heap Overflow Risks and Fixes

🔒 ABB reported a heap-based buffer overflow in select Terra AC EV chargers that can be triggered via crafted OCPP messages. Exploitation may allow heap pollution, denial-of-service, altered firmware behavior, or possible remote code execution; the vendor has released patched firmware versions. ABB strongly recommends avoiding unencrypted HTTP for OCPP connections and applying updates promptly to mitigate remote exploitation risks.
read more →

ABB AC500 V2 Modbus Buffer Over-read Advisory

🛡️ The advisory details a buffer over-read vulnerability in ABB AC500 V2 devices that can cause Modbus server responses to include fragments of earlier telegrams. Affected devices running older firmware may return invalid or appended data when presented with unsupported Modbus function codes. ABB issued a fix in AC500 V2 firmware version 2.5.3 (2016) and later; operators are urged to update and minimize network exposure. CISA republished the vendor advisory to raise visibility and recommends isolating control networks and using secure remote access.
read more →

ABB Terra AC Wallbox Buffer Overflow Advisory

🔒 ABB reports heap, stack and classic buffer overflow vulnerabilities in select Terra AC Wallbox firmware. An attacker who hijacks Bluetooth and crafts oversized fields could corrupt memory and potentially alter firmware behavior. ABB has released firmware version 1.8.36 (JP) to address the issues and recommends updating as soon as possible.
read more →

ABB B&R UEFI PXE Vulnerabilities and Vendor Updates

🔒 ABB B&R reported multiple vulnerabilities in the UEFI PXE implementation of affected B&R PCs and controllers. EDK2 Network Package issues include out-of-bounds reads, buffer overflows, infinite loops, and weak PRNG usage that can lead to remote code execution, DoS, DNS poisoning, or data exposure. Vendor updates are available for many product versions and users are advised to apply patches or follow mitigations.
read more →

PAN-OS Captive Portal Critical RCE Affecting Siemens Devices

⚠️A buffer overflow in the User-ID™ Authentication Portal (Captive Portal) of Palo Alto Networks PAN-OS permits an unauthenticated attacker to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. Siemens has identified affected Siemens RUGGEDCOM APE1808 devices and is preparing fixes while recommending immediate mitigations. Recommended actions include disabling Response Pages on exposed interfaces, disabling the User-ID Authentication Portal if not required, and restricting portal access to trusted internal IP addresses; contact vendor support for patch information.
read more →

Siemens Solid Edge SE2026 PAR Parsing Flaws, Update

⚠️ Siemens released an update fixing two PAR file parsing vulnerabilities in Solid Edge SE2026 that could allow application crashes or remote code execution. The flaws involve access of an uninitialized pointer (CWE-824) and a stack-based buffer overflow (CWE-121) when handling specially crafted PAR files. Update to V226.0 Update 5 or later and limit network exposure. CISA has republished the vendor advisory and urges organizations to apply the fix and follow recommended ICS security practices.
read more →

Siemens Ruggedcom Rox: Multiple Critical Vulnerabilities

🚨 Siemens reports that Ruggedcom Rox devices prior to V2.17.1 contain numerous third‑party vulnerabilities and has released updated firmware; customers are urged to update immediately. The issues include uncontrolled recursion, integer underflow/overflow, multiple stack- and heap-based buffer overflows, use‑after‑free, improper input validation and path traversal, among others. Affected components include Das U‑Boot, QEMU emulation modules, Python email parsing, linux‑pam and other supporting libraries. Apply the vendor updates to mitigate risks such as denial of service, boot bypass or potential code execution.
read more →

Siemens Simcenter Femap Heap Overflow in IPT Files

⚠️ Simcenter Femap contains a heap-based buffer overflow in the Datakit library that can be triggered by specially crafted IPT files, causing memory corruption during parsing. If a user opens a malicious IPT file, an attacker could achieve remote code execution in the context of the running process. Siemens has released V2512.0003 or later to address the issue and recommends immediate updating; the flaw is tracked as CWE-122. CISA republished the vendor advisory to increase visibility and urges reducing network exposure and following Siemens' industrial security guidance.
read more →

ABB AC500 V3: Stack Buffer Overflow in CMS AES-GCM

ABB reports a stack-based buffer overflow in AC500 V3 when parsing CMS (Auth)EnvelopedData with AEAD ciphers like AES-GCM. An oversized IV in ASN.1 parameters may be copied into a fixed-size stack buffer without length checks, allowing an out-of-bounds write before authentication. This can cause crashes, DoS, or potential RCE. ABB issued firmware 3.9.0 HF1 to correct the issue; no workaround exists.
read more →

Critical PAN-OS Buffer Overflow Targets Exposed Firewalls

🔒 Palo Alto Networks warned of a critical buffer overflow in PAN-OS affecting the User-ID Authentication Portal (CVE-2026-0300) that can allow unauthenticated attackers to execute code as root on exposed PA- and VM-Series firewalls. The vendor says only portals reachable from untrusted IPs are at risk; Prisma Access, Cloud NGFW and Panorama are not impacted. Customers are advised to restrict portal access, disable the Captive Portal if unused, disable Response Pages on untrusted interfaces, and apply mitigations until patched builds roll out in May.
read more →

Foxit Reader and LibRaw Vulnerabilities — Talos Advisory

🔒 Cisco Talos disclosed a use-after-free flaw in Foxit Reader (TALOS-2026-2365 / CVE-2026-3779) exploitable via malicious PDF JavaScript, and six vulnerabilities in LibRaw including heap-based buffer overflows and integer overflows across multiple CVEs. All issues were patched by vendors following Cisco’s disclosure policy. Administrators should apply vendor updates and deploy Snort rules from Talos to detect exploitation.
read more →

Delta ASDA-Soft Stack Buffer Overflow Vulnerability

⚠️ CISA warns of a stack-based buffer overflow (CVE-2026-5726) in Delta Electronics ASDA-Soft affecting versions <=V7.2.2.0 that can enable arbitrary code execution when a specially crafted .par file is parsed. The flaw is rated High (CVSS 3.1 base score 7.8) and requires local access or user interaction to trigger. Delta advises upgrading to ASDA-Soft v7.2.6.0 or later and following network isolation and defense-in-depth practices.
read more →