Despite “well-documented” fixes, buffer overflow vulnerabilities are quite prevalent, CISA pointed out. “For these reasons — as well as the damage exploitation of these defects can cause — CISA, FBI, and others[1] designate buffer overflow vulnerabilities as unforgivable defects.”
Manufacturers are asked to follow the prevention and mitigation methods outlined in the PDF accompanying the alert, and software customers are advised to demand products from their vendors that include such protections.
Microsoft, VMware, Ivanti flaws called out
The feds highlighted a list of buffer overflow bugs affecting leading vendors such as Microsoft, Ivanti, VMware, Citrix and Red Hat, ranging from high to critical severity, some of which already have in-the-wild exploits.