Java decompiler (jad) 1.5.8e – Stack-based buffer overflow analysis and PoC

This is an analysis of a vulnerability discovered by Juan Sacco. The vulnerability has no given CVE ID.

Interestingly, at the time of writing, the latest version available for Linux-based systems is the vulnerable version.


Technical analysis of CVE-2014-0160 (Heartbleed) OOB read

Introduction

This will be a short technical analysis of CVE-2014-0160, better known as OpenSSL Heartbleed.

Yes, it is a bit old… but the goal of this blog is not to serve as a security advisory; it is to analyze past and present vulnerabilities for educational purposes, so let’s start…
