Zombieload

An issue was discovered in libarchive through Google’s ClusterFuzz project. Libarchive is a compression and decompression library, widely used in utilities. The issue here is how the library recovers from a malformed archive. Hitting an invalid header causes the memory in use to be freed. The problem is that it’s possible for file processing to continue even after that working memory has been freed, leading to all kinds of problems. So far an actual exploit hasn’t been revealed, but it’s likely that one is possible. The problem was fixed back in May, but the issue was just announced to give time for that update to percolate down to users.

Of note is the fact that this issue was found through Google’s fuzzing efforts. Google runs the oss-fuzz project, which automatically ingests nightly builds from around 200 open source projects and runs ClusterFuzz against them. This process of throwing random data at programs and functions has revealed over 14,000 bugs.
Continue reading “This Week In Security: Fuzzing Fixes, Foul Fonts, TPM Timing Attacks, And More!” →

Hackaday

1 Articles

This Week In Security: Fuzzing Fixes, Foul Fonts, TPM Timing Attacks, And More!

Search

Never miss a hack

If you missed it

Ask Hackaday: Is Shortwave On Life Support?

End Of An Era: Sony Cuts Production Of Writable Optical Media

The Rise Of The Disappearing Polymorphs

You Can Use LEDs As Sensors, Too

Reviewing Nuclear Accidents: Separating Fact From Fiction

Our Columns

Hackaday Podcast Episode 281: Metal Clay, Desiccants, Silica Gel, And Keeping Filament Dry

This Week In Security: EvilVideo, Crowdstrike, And InSecure Boot

Linux Fu: Failing Pipelines

FLOSS Weekly Episode 793: Keeping An Eye On Things With Hilight.io

Supercon 2023: Jesse T. Gonzalez Makes Circuit Boards That Breathe And Bend

Search

Never miss a hack

Subscribe

If you missed it

Our Columns