A Vulnerability to Hack The World - CVE-2023-4863

Video description for A Vulnerability to Hack The World - CVE-2023-4863

Citizen Lab discovered BLASTPASS, a 0day being actively exploited in the image format WebP. Known as CVE-2023-4863 and CVE-2023-41064, an issue in WebP's build Huffman table function can lead to a heap buffer overflow. This vulnerability is very interesting and I'm excited to share with you what I learned.

WebP Fix Commit: https://chromium.googlesource.com/web...
Citizenlab: https://citizenlab.ca/2023/09/blastpa...
Ben Hawkes: https://blog.isosceles.com/the-webp-0...

Software Updates
Apple https://support.apple.com/en-gb/106361
Chrome https://chromereleases.googleblog.com...
Firefox https://www.mozilla.org/en-US/securit...
Android https://www.mozilla.org/en-US/securit...
Whose CVE is it Anyway? https://adamcaudill.com/2023/09/14/wh...

References:
2014 bug introduction https://github.com/webmproject/libweb...
   • How Computers Compress Text: Huffman ...  
   • Huffman Codes: An Information Theory ...  
   • How PNG Works: Compromising Speed for...  
   • Huffman coding step-by-step example  
https://stackoverflow.com/questions/1...
https://web.archive.org/web/202302042...
enough.c https://github.com/madler/zlib/blob/d...

Thanks to:
mistymntncop
benhawkes


Chapters:
00:00 - Intro to CVE-2023-4863
01:32 - Most Valuable Vulnerability?
03:02 - Heap Overflow Related to Huffman Trees
03:58 - Learning about Huffman Codes
06:24 - What are Huffman Tables?
10:24 - Hardcoded Table Sizes (enough.c)
12:21 - Code Walkthrough - BuildHuffmanTable()
13:04 - The code_lengths[] and count[] Arrays
15:14 - Difference Between Compression and Decompression!
17:04 - Outro
