Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities
好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内,而且不需要特定的开头。首先,我得仔细阅读用户提供的文章内容,了解主要信息。 文章提到Cisco Talos团队披露了三个项目中的漏洞:Biosig Project Libbiosig、Grassroot DiCoM和Smallstep step-ca。每个项目都有不同的漏洞类型和影响。例如,Biosig有堆栈溢出漏洞,可能导致代码执行;Grassroot有三个越界读取漏洞,可能导致信息泄露;Smallstep有认证绕过漏洞,可能被攻击者滥用。 接下来,我需要将这些信息浓缩到100字以内。要注意关键点:团队名称、漏洞数量、项目名称以及每个漏洞的主要影响。同时,要确保语言简洁明了。 可能会这样组织句子:“Cisco Talos团队披露了Biosig Project Libbiosig、Grassroot DiCoM和Smallstep step-ca中的多个漏洞。这些漏洞包括堆栈溢出、越界读取和认证绕过问题,可能导致代码执行、信息泄露或证书滥用风险。” 这样既涵盖了主要项目和漏洞类型,又控制了字数。 最后检查一下是否符合用户的要求:没有使用特定的开头词,内容准确且简洁。 </think> Cisco Talos团队披露了Biosig Project Libbiosig、Grassroot DiCoM和Smallstep step-ca中的多个漏洞。这些漏洞包括堆栈溢出、越界读取和认证绕过问题,可能导致代码执行、信息泄露或证书滥用风险。 2025-12-17 21:16:38 Author: blog.talosintelligence.com(查看原文) 阅读量:1 收藏

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in Biosig Project Libbiosig, Grassroot DiCoM, and Smallstep step-ca.

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy, except for Grassroot, as the DiCoM vulnerabilities are zero-days.

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.     

Libbiosig vulnerability

Discovered by Mark Bereza of Cisco Talos.

BioSig is an open source software library for biomedical signal processing. The BioSig Project seeks to encourage research in biomedical signal processing by providing open source software tools.

TALOS-2025-2296 (CVE-2025-66043-CVE-2025-66048) includes several stack-based buffer overflow vulnerabilities in the MFER parsing functionality of the Biosig Project libbiosig 3.9.1. An attacker can supply a specially crafted MFER file to trigger these vulnerabilities, possibly leading to arbitrary code execution.

Discovered by Emmanuel Tacheau of Cisco Talos.

Grassroots DiCoM is a C++ library for DICOM medical files, accessible from Python, C#, Java, and PHP. It supports RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. Talos found three out-of-bounds read vulnerabilities in DiCoM. An attacker can provide a malicious file to trigger these vulnerabilities.

Smallstep step-ca vulnerabilities

Discovered by Stephen Kubik of the Cisco Advanced Security Initiatives Group (ASIG).

Smallstep step-ca is a TLS-secured online Certificate Authority (CA) for X.509 and SSH certificate management. TALOS-2025-2242 (CVE-2025-44005) is an authentication bypass vulnerability in step-ca. An attacker can bypass authorization checks and force a Step-CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.


文章来源: https://blog.talosintelligence.com/libbiosig-grassroot-dicom-smallstep-step-ca-vulnerabilities/
如有侵权请联系:admin#unsafe.sh