hngopher.com

       [HN Gopher] CVE-2022-23088: Exploiting a Heap Overflow in the Fr...
       ___________________________________________________________________
        
       CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi
       Stack
        
       Author : todsacerdoti
       Score  : 86 points
       Date   : 2022-06-16 17:30 UTC (5 hours ago)
        
 (HTM) web link (www.thezdi.com)
 (TXT) w3m dump (www.thezdi.com)
        
       | theamk wrote:
       | Doesn't FreeBSD have KASLR? It would make thus attack much
       | harder.
        
         | rs_rs_rs_rs_rs wrote:
         | It does not have KASLR and it does not even have userland
         | binaries ASLR enabled by default(not that it matters for this
         | vulnerability).
         | 
         | https://twitter.com/wdormann/status/1528742791383334917
         | 
         | >It would make thus attack much harder
         | 
         | It won't make it much harder, just a teensy bit harder.
         | 
         | https://grsecurity.net/kaslr_an_exercise_in_cargo_cult_secur...
        
       | nazgulsenpai wrote:
       | Will be interesting to see if the PlayStation 4 jail breaking
       | community can find some use for this!
        
       | djcannabiz wrote:
       | Memory safe languages!!!!!
        
       | lukestateson wrote:
       | TIL: FreeBSD has wi-fi stack
       | 
       | /s
        
         | [deleted]
        
       ___________________________________________________________________
       (page generated 2022-06-16 23:00 UTC)