fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

22 ℃
48%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 16:00:02
  1. [USD] USD 61,748.24
  1. [BRL] BRL 320,325.15 [USD] USD 61,748.24 [GBP] GBP 46,125.13 [EUR] EUR 53,465.08
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

dog - 16:00:56 up 263 days, 32 min, 5 users, load average: 0.00, 0.00, 0.00

Google News

[09/06/2026 11:17] Respeitamos decisão de Nunes Marques ao suspender pesquisa, diz PT - Poder360

[09/06/2026 10:00] Ex-estagiário usava sistema do MP para encontrar e extorquir membros do PCC - UOL Notícias

[09/06/2026 08:13] PF deve rejeitar nova delação de Daniel Vorcaro - Revista Oeste

[09/06/2026 13:56] Trump diz que Irã abateu helicóptero dos EUA e promete resposta ao ataque - CNN Brasil

[09/06/2026 12:48] Keiko reduz vantagem de Sánchez nas eleições no Peru; apuração segue lenta - Valor Econômico

[08/06/2026 21:08] Janja chama Malafaia de "insignificante" durante evento do PT - Poder360

[09/06/2026 06:42] Vacina do Butantan contra a dengue é suspensa; entenda o que levou à decisão e o que fazer se você já foi vacinado - BBC

[09/06/2026 04:00] Caso Henry: em lados opostos agora, Monique e Jairinho eram aliados - O Globo

[09/06/2026 08:29] Homens invadem casa e matam influenciadora no interior de MG - Correio Braziliense

[09/06/2026 11:52] Senado barra retirada de apoio à PEC alternativa ao fim da 6 X 1 - Poder360

NVD Feed

[CVE-2026-2240] [Modified: 29-04-2026] [Analyzed] [V3.1 S3.3:LOW] A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue.

[CVE-2025-66630] [Modified: 28-02-2026] [Analyzed] [V3.1 S9.4:CRITICAL] Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may unknowingly rely on predictable, repeated, or low-entropy identifiers in security-critical pathways. This is especially impactful because many Fiber v2 middleware components (session middleware, CSRF, rate limiting, request-ID generation, etc.) default to using utils.UUIDv4(). This vulnerability is fixed in 2.52.11.

[CVE-2026-2241] [Modified: 29-04-2026] [Analyzed] [V3.1 S3.3:LOW] A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is named 0f285855f0e34f9183956be5f16e045f54626bff. To fix this issue, it is recommended to deploy a patch.

[CVE-2026-2242] [Modified: 29-04-2026] [Analyzed] [V3.1 S3.3:LOW] A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called c43e06672cd9dacf2122c99f362120a17c34b391. It is advisable to implement a patch to correct this issue.

[CVE-2026-23948] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.5:HIGH] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0.

[CVE-2026-24491] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.5:HIGH] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in 3.22.0.

[CVE-2026-24675] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.5:HIGH] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.

[CVE-2026-24676] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.5:HIGH] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0.

[CVE-2026-24677] [Modified: 10-02-2026] [Analyzed] [V3.1 S9.1:CRITICAL] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in sws_scale. This vulnerability is fixed in 3.22.0.

[CVE-2026-24678] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.5:HIGH] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0.

[CVE-2026-24679] [Modified: 10-02-2026] [Analyzed] [V3.1 S9.1:CRITICAL] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.

[CVE-2026-24680] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.5:HIGH] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.

[CVE-2026-24681] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.5:HIGH] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0.

[CVE-2026-24682] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.5:HIGH] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0.

[CVE-2026-24683] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.5:HIGH] FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This vulnerability is fixed in 3.22.0.

[CVE-2026-24684] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.5:HIGH] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.

[CVE-2026-24777] [Modified: 11-02-2026] [Analyzed] [V3.1 S6.7:MEDIUM] OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for users of the application, but they were not supposed to be able to lock application administrators. Due to a missing permission check this logic was not enforced. The problem was fixed in OpenProject 17.0.2The problem was fixed in OpenProject 17.0.2.

[CVE-2026-24900] [Modified: 19-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses/<:course_id>/assignments/<:assignment_id>/submissions/html_content accepted a select_file_id parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correctly scoped to the requesting user, allowing users access arbitrary submission file contents by id. This vulnerability is fixed in 2.9.1.

[CVE-2026-25057] [Modified: 19-02-2026] [Analyzed] [V3.1 S9.1:CRITICAL] MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses/<:course_id>/assignments/upload_config_files). The uploaded zip file entry names are used to create paths to write files to disk without checking these paths. This vulnerability is fixed in 2.9.1.

[CVE-2026-25230] [Modified: 19-02-2026] [Analyzed] [V3.1 S4.6:MEDIUM] FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is fixed in 3.3.0.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap