
An in-depth look at CVE-2018-8878 or why integer overflows are still a thing - jbaviat
https://blog.sqreen.io/buffer-under-read-ruby/
======
jbaviat
As a former security researcher, I am amazed that integer overflows are still
a thing in 2018, in the Ruby core - so probably everywhere... About 10 years
ago, integer overflow vulnerabilities were trending in the security community.
Plenty of nice vulnerabilities and exploits have been found with them - like
in all PDF readers, ... I guess when the momentum of such vulnerabilities goes
down, this class of bugs goes unnoticed. Secure programming is hard; it's too
bad we don't keep the learning we had in the past.

