HNS-2023-04 - HN Security Advisory - Buffer overflow vulnerabilities with long path names in TinyDir

Read Time:27 Second

Posted by Marco Ivaldi on Dec 12

Hi,

Please find attached a security advisory that describes some buffer
overflow vulnerabilities we discovered in TinyDir.

* Title: Buffer overflow vulnerabilities with long path names in TinyDir
* Product: TinyDir <= 1.2.5
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2023-12-04
* CVE ID: CVE-2023-49287
* Severity: High – 7.7 – CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* Vendor URL: https://github.com/cxong/tinydir…

mingw-python-jinja2-3.1.5-1.fc40

FEDORA-2025-5f04326f4f Packages in this update: mingw-python-jinja2-3.1.5-1.fc40 Update description: Update to jinja2-3.1.5. Read More

January 8, 2025

mingw-python-jinja2-3.1.5-1.fc41

FEDORA-2025-dbe19a2b1f Packages in this update: mingw-python-jinja2-3.1.5-1.fc41 Update description: Update to jinja2-3.1.5. Read More

January 8, 2025

seamonkey-2.53.20-2.el8

FEDORA-EPEL-2025-ef6b6c8d41 Packages in this update: seamonkey-2.53.20-2.el8 Update description: Fix bookmarks restoring from file. Update to 2.53.20 Read More

January 8, 2025

seamonkey-2.53.20-2.fc40

FEDORA-2025-4945eb6eeb Packages in this update: seamonkey-2.53.20-2.fc40 Update description: Fix bookmarks restoring from file. Update to 2.53.20 Read More

January 8, 2025

seamonkey-2.53.20-2.fc41

FEDORA-2025-135cf1b7f3 Packages in this update: seamonkey-2.53.20-2.fc41 Update description: Fix bookmarks restoring from file. Update to 2.53.20 Read More

January 8, 2025

USN-7190-1: Tinyproxy vulnerability

It was discovered that Tinyproxy did not properly manage memory during the parsing of HTTP connection headers. An attacker could...

January 8, 2025

Casio Admits Security Failings as Attackers Leak Employee and Customer Data

New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices

Fake Government Officials Use Remote Access Tools for Card Fraud

Google’s Willow Quantum Chip and Its Potential Threat to Current Encryption Standards

A Day in the Life of a Prolific Voice Phishing Crew

The AI Fix #32: Agentic AI, killer robot fridges, and the robosexual revolution

New Research Highlights Vulnerabilities in MLOps Platforms

Moxa Urges Immediate Updates for Security Vulnerabilities

US Treasury Department Sanctions Chinese Company Over Cyberattacks

HNS-2023-04 – HN Security Advisory – Buffer overflow vulnerabilities with long path names in TinyDir

mingw-python-jinja2-3.1.5-1.fc40

mingw-python-jinja2-3.1.5-1.fc41

seamonkey-2.53.20-2.el8

seamonkey-2.53.20-2.fc40

seamonkey-2.53.20-2.fc41

USN-7190-1: Tinyproxy vulnerability