Resumen de Nail: a practical tool for parsing and generating data formats

Binary file formats and network protocols are hard to parse safely: The libpng image decompression library had 24 remotely exploitable vulnerabilities from 2007 to 2013. According to CVEdetails, Adobe’s PDF and Flash viewers have been notoriously plagued by input processing vulnerabilities, and even the zlib compression library had input processing vulnerabilities in the past. Most of these attacks involve memory corruption—therefore, it is easy to assume that solving memory corruption will end all our woes when handling untrusted inputs.

Acceso de usuarios registrados

¿Es nuevo? Regístrese

Coordinado por: