SBA master student discovers flaw in Ruby on Rails
Rails 3.0.5 doesn’t validate the input for the X-Forwarded-For field in the header sent by clients with a class C remote-addr. (see: TRUSTED_PROXIES). (Security Focus, more details…)
News
SBA Newsletter
Upcoming events @ SBA
SHECURITY: Pizza & Conference Talks
17.07.2025
ARES 2025
11.08.2025 - 14.08.2025
SBA Research at a glance
Young Researchers´ Day @ ICT Security Conference 2025 – Recap
A group of dedicated young researchers presented their work at the 21st ICT Security Conference on… ∞
Detection of Null Pointer Dereference in MediaTek VoLTE Stack Firmware with sipgate and ISMK Stralsund
Together with sipgate and ISMK Stralsund, Gabriel Gegenhuber, researcher at SBA Research and University of Vienna, and Michael Pucher, researcher at SBA research, discovered and investigated a vulnerability in the Voice of LTE (VoLTE) stack that is broadly used within MediaTek-based smartphones. ∞
SBA Security Advisory – Null pointer dereference in MediaTek Modem (CVE-2025-20647)
In the Mediatek modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. ∞