Monday 25 November 2013

ZDI-13-252 - Cogent DataHub Heap Overflow Remote Code Execution Vulnerability

Zero Day Initiative (ZDI) has published an advisory for a heap overflow vulnerability in Cogent DataHub which i have found few months ago. Full advisory can be read here ZDI-13-252.

Earlier this year i have also found some null pointer dereference bugs leading to a denial of service in DataHub. I will post some PoC's soon.