CVE Publication: CVE 2016-8636

After a long patching process, CVE 2016-8636 has now been fixed and can be publicly disclosed. CVE 2016-8636 is caused by a classic integer-overflow vulnerability, showing that even the Linux kernel suffers from this major vulnerability family.


CVE(s) Publication: libcsp

Last August I performed a security audit of an interesting embedded library I found on GitHub, libcsp:

Cubesat Space Protocol – A small network-layer delivery protocol designed for Cubesats

This blog post will describe my findings (CVE 2016-8596, CVE 2016-8597 and CVE 2016-8598), publicly disclose the vulnerabilities, and elaborate on the lessons that can be learned from them.
