A curious search reveals that vulnerabilities that do exist are of 2 flavors. 1.... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		cogman10 11 days ago \| parent \| context \| favorite \| on: Security issues with electronic invoices A curious search reveals that vulnerabilities that do exist are of 2 flavors. 1. Standard C memory vulnerabilities 2. Unsafe file traversal while unzipping The entire second class is avoided in a fixed file format. The first class of vulnerabilities plague everything. A quick look at libxml2 CVEs shows that.

boston_clone 10 days ago [–]

and the zip bombs you mentioned! i keep a dummy SD card with one hehe.

but yeah the first class of vulns is why we have advice like don’t run untrusted input, which is not dissimilar to “don’t unzip untrusted payloads”.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact