Reblogged by kornel ("Kornel"):
iagox86@infosec.exchange ("Ron Bowes") wrote:
I love that the core vulnerability behind CVE-2023-4966 ("sensitive information disclosure" in Citrix NetScaler) was a misunderstanding of how a C API works.
It seems obvious that snprintf() would return the number of bytes written to a string, but nope! It returns the number of bytes it wants to write to the string.
Another one to look out for in BSidesSFCTF next year :)
My quick writeup: https://attackerkb.com/assessments/e85f5cd8-8d36-4bca-9261-a520a8b7aa6b
Based on Assetnote: https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
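Added example (not code from the post, from Citrix or from either write-up): a self-contained C program showing the snprintf() behaviour Ron describes and why trusting its return value turns a truncated format into an over-read. The struct layout (a 16-byte output buffer followed by a constructed fake session token), the function names and the "name=" format string are assumptions chosen for illustration only; they say nothing about NetScaler's actual code.

```c
#include <stdio.h>
#include <string.h>

/* Layout assumed for illustration: a fixed-size output buffer with
 * sensitive data (a constructed fake session token) lying right after it. */
#define BUF_CAP 16
#define SECRET "SESSIONTOKEN-0123456789"  /* constructed sample secret */

struct frame {
    char buf[BUF_CAP];
    char secret[32];
};

/* Returns 1 if needle occurs anywhere in hay[0..len). */
static int contains(const char *hay, size_t len, const char *needle) {
    size_t nlen = strlen(needle);
    for (size_t i = 0; i + nlen <= len; i++)
        if (memcmp(hay + i, needle, nlen) == 0) return 1;
    return 0;
}

/* Vulnerable pattern: the snprintf() return value is taken as the number of
 * bytes now sitting in buf, and that many bytes are copied out. When the
 * formatted string did not fit, n exceeds BUF_CAP and the copy walks past
 * buf into whatever follows it (here: the secret). */
size_t build_response_vuln(const char *name, char *out, size_t out_cap) {
    struct frame f;
    memset(&f, 0, sizeof f);
    memcpy(f.secret, SECRET, sizeof SECRET);
    int n = snprintf(f.buf, sizeof f.buf, "name=%s", name);
    if (n < 0) return 0;
    size_t len = (size_t)n;                 /* BUG: "wanted" length, not stored length */
    if (len > sizeof f) len = sizeof f;     /* keep the copy inside the struct object */
    if (len > out_cap) len = out_cap;
    memcpy(out, (const char *)&f, len);
    return len;
}

/* Hardened pattern: clamp the return value to what snprintf() actually stored,
 * which is at most sizeof buf - 1 characters plus the terminating NUL. */
size_t build_response_safe(const char *name, char *out, size_t out_cap) {
    struct frame f;
    memset(&f, 0, sizeof f);
    memcpy(f.secret, SECRET, sizeof SECRET);
    int n = snprintf(f.buf, sizeof f.buf, "name=%s", name);
    if (n < 0) return 0;
    size_t len = (size_t)n;
    if (len > sizeof f.buf - 1) len = sizeof f.buf - 1;   /* truncated: only this much exists */
    if (len > out_cap) len = out_cap;
    memcpy(out, f.buf, len);
    return len;
}

/* Did the response built for this name carry the secret? 1 = yes, 0 = no. */
int leaks_secret(int use_safe, const char *name) {
    char out[sizeof(struct frame)];
    size_t len = use_safe ? build_response_safe(name, out, sizeof out)
                          : build_response_vuln(name, out, sizeof out);
    return contains(out, len, SECRET);
}

int main(void) {
    const char *longname = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 40 bytes */
    printf("short name, vuln : leak=%d\n", leaks_secret(0, "bob"));
    printf("long name,  vuln : leak=%d\n", leaks_secret(0, longname));
    printf("long name,  safe : leak=%d\n", leaks_secret(1, longname));
    return 0;
}
```

With a short name the two versions behave identically; with a name long enough that "name=%s" no longer fits in 16 bytes, snprintf() still returns the full 45 and the vulnerable copy hands back the bytes after the buffer. The fix is the usual one: treat n >= sizeof buf as truncation (and n < 0 as an error) and never use the raw return value as a length for a subsequent copy or send.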