In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set it to severity HIGH. While the advisory contains all the necessary details. I figured I would use a few additional words and expand the explanations for anyone who cares to understand how this flaw work
SOCKS5 heap buffer overflow Project curl Security Advisory, October 11 2023 - Permalink VULNERABILITY This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes. If the hostname i
In this blog, I am going to explain the important concepts of Heap and use the ptmalloc in the Glibc 2.31 library as an example. The heap is a beautiful mess :) I really like the saying shown above. The word Heap we always use refers to the dynamically allocated segment in the virtual memory space of a process, but it actually stands for the implementation of the memory pool(the dynamic memory all
The answer is in your heap: debugging a big memory increase in Ruby on Rails
I recently participated in an interesting series of debugging sessions tracking down the source of a large increase in memory when upgrading a Rails application. We ultimately tracked down the cause using John Hawthorn’s Sheap heap analyzer and successfully submitted a patch to Rails. I thought it was interesting enough to write up because maybe the general approach to debugging memory issues woul
This blog post has been authored by José Dapena Paz (Igalia), with contributions from Jason Williams (Bloomberg), Ashley Claymore (Bloomberg), Rob Palmer (Bloomberg), Joyee Cheung (Igalia), and Shu-yu Guo (Google). In this post about V8 heap snapshots, I will talk about some performance problems found by Bloomberg engineers, and how we fixed them to make JavaScript memory analysis faster than ever
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
How I made a heap overflow in curl | daniel.haxx.se
curl - SOCKS5 heap buffer overflow - CVE-2023-38545
Understanding the Heap - a beautiful mess
Speeding up V8 heap snapshots · V8