tags:integer_overflowvmwareheap_overflow original link: CVE-2024-37079: VMware vCenter Server Integer Underflow Code Execution Vulnerability newsletter link: exploits.club Weekly Newsletter 36 - Regex Fuzzing, C++ Metadata, Kernel Streaming, And More


Exploits Club Summary:

 ZDI released a write-up this week detailing CVE-2024-37079, a integer underflow in VMware vCenter. The post starts with a quick overview of the software and some technical aspects that allow it to operate, namely DCERPC. It then examines how a specially crafted DCERPC can lead to an integer underflow. It’s a technically heavy post, but it’s worth a read.