CVE-2025-31160 Atop 2.11 heap problems

echoangle · 2025-03-29T21:39:51 1743284391

"Problems with the heap" - https://news.ycombinator.com/item?id=43485980

unsnap_biceps · 2025-03-29T21:53:45 1743285225

It's unfortunate that Unix sockets isn't being used for local connections like this.

yjftsjthsd-h · 2025-03-29T21:39:07 1743284347

Ah, there's the other shoe:)

> optional sources, that have to be activated explicitly.

So only locally exploitable, and you have to enable an optional feature? That's ... honestly better than I was worried that it might be

dgacmu · 2025-03-29T21:55:09 1743285309

No. Local but it always tries to connect and the deamon to which it tries to connect is optional, which means that the default is attackable. An attacker can run their own program on the port and send bad strings that will cause an overflow.

MattPalmer1086 · 2025-03-29T21:50:50 1743285050

The fix is to make it optional.

But yeah, I was anticipating something quite a bit worse.

mvdtnz · 2025-03-29T21:57:20 1743285440

Did you stop reading at that sentence?

immibis · 2025-03-29T21:43:39 1743284619

> always tries to connect

（评论） (comments)

（评论）
(comments)