[binary] Rust Memory Corruption???

Published: Feb. 28, 2024, 12:06 p.m.

VirtualBox has a very buggy driver, PostgreSQL has an Out of Bounds Access, and lifetime issues are demonstrated in Rust in "safe" code.

\n


\n

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/246.html

\n


\n

[00:00:00] Introduction

\n

[00:00:22] cve-rs

\n

[00:18:28] Oracle VM VirtualBox: Intra-Object Out-Of-Bounds Write in virtioNetR3CtrlVlan

\n

[00:32:30] PostgreSQL: Array Set Element Memory Corruption

\n

[00:35:06] Analyzing the Google Chrome V8 CVE-2024-0517 Out-of-Bounds Code Execution Vulnerability

\n

[00:37:15] Continuously fuzzing Python C extensions

\n


\n

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:

\n

-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities

\n

-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

\n


\n

We are also available on the usual podcast platforms:

\n

-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063

\n

-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt

\n

-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz

\n

-- Other audio platforms can be found at https://anchor.fm/dayzerosec

\n


\n

You can also join our discord: https://discord.gg/daTxTK9