One Article Review
| Source |  CISCO Talos |
|---|---|
| Identifiant | 7062498 |
| Date de publication | 2022-09-22 10:01:26 (vue: 2022-09-22 15:06:58) |
| Titre | Vulnerability Spotlight: Vulnerabilities in popular library affect Unix-based devices |
| Texte |  Lilith >_> of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered a memory corruption vulnerability in the uClibC library that could affect any Unix-based devices that use this library. uClibC and uClibC-ng are lightweight replacements for the popular gLibc library, which is the GNU Project's implementation of the C standard library. TALOS-2022-1517 (CVE-2022-29503 - CVE-2022-29504) is a memory corruption vulnerability in uClibC and uClibc-ng that can occur if a malicious user repeatedly creates threads. Many embedded devices utilize this library, but Talos specifically confirmed that the Anker Eufy Homebase 2, version 2.1.8.8h, is affected by this vulnerability. Anker confirmed that they've patched for this issue. However, uClibC has not issued an official fix, though we are disclosing this vulnerability in accordance with Cisco's 90-day vulnerability disclosure policy. Talos tested and confirmed the following software is affected by these vulnerabilities: uClibC, version 0.9.33.2 and uClibC-ng, version 1.0.40. |
| Envoyé | Oui |
| Condensat | cisco many talos 1517 2022 29503 29504 accordance affect affected anker any are based but can cisco confirmed corruption could creates cve day devices disclosing disclosure discovered embedded eufy fix following glibc gnu has homebase however implementation issue issued library lightweight lilith malicious memory not occur official patched policy popular project recently repeatedly replacements software specifically spotlight: standard talos tested these they though threads uclibc unix use user utilize version vulnerabilities vulnerabilities: vulnerability which |
| Tags | Vulnerability |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.