https://blog.kalfaoglu.net/tags/sysadmin/Recent content in Sysadmin on kalfaoglu.netHugoenSat, 09 May 2026 00:00:00 +0000https://blog.kalfaoglu.net/posts/2026-05-09-mariadb-cve-2026-32710-json-schema-en/Sat, 09 May 2026 00:00:00 +0000https://blog.kalfaoglu.net/posts/2026-05-09-mariadb-cve-2026-32710-json-schema-en/<p>A heap buffer overflow in MariaDB&rsquo;s <code>JSON_SCHEMA_VALID()</code> function went unnoticed for years — until AI-assisted code analysis flagged it earlier this year. The flaw, now tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-32710">CVE-2026-32710</a>, was <a href="https://securityonline.info/mariadb-json-schema-validation-buffer-overflow-vulnerability-cve-2026-32710/">disclosed on March 19, 2026</a>, and patches landed the same day. If your server runs MariaDB 11.4.x or 11.8.x and you haven&rsquo;t applied the update yet, this is the one to prioritise this week.</p> <h2 id="what-the-bug-actually-does">What the Bug Actually Does</h2> <p>The problem lives in <code>json_get_normalized_string()</code> inside <code>sql/json_schema_helper.cc</code>. The function allocates a fixed 128-byte heap buffer and then copies a JSON string value into it using <code>strncpy</code> — without first checking whether the value fits. If an attacker crafts a JSON schema with a string field longer than that buffer, the heap overflows.</p>https://blog.kalfaoglu.net/posts/2026-05-07-postfix-3112-cve-2026-43964-en/Thu, 07 May 2026 00:00:00 +0000https://blog.kalfaoglu.net/posts/2026-05-07-postfix-3112-cve-2026-43964-en/<p>On May 4, 2026, Wietse Venema released Postfix 3.11.2, 3.10.9, 3.9.10, and 3.8.16. If you run a mail server, this is the update you actually want to read — not because the CVSS score is alarming (it isn&rsquo;t), but because one of the bugs patched in this release has been sitting in the codebase since 2005.</p> <h2 id="the-cve-worth-knowing-about">The CVE Worth Knowing About</h2> <p><a href="https://cve.threatint.eu/CVE/CVE-2026-43964">CVE-2026-43964</a> is an off-by-one error in how Postfix handles enhanced status codes. If an SMTP access table, policy server, DNSBL response, or milter returns a bare status code — something like <code>5.7.2</code> without any text following it — the daemon reads past the end of the allocated buffer. The result is a process crash.</p>https://blog.kalfaoglu.net/posts/2026-05-06-apache-http2-cve-2026-23918-en/Wed, 06 May 2026 00:00:00 +0000https://blog.kalfaoglu.net/posts/2026-05-06-apache-http2-cve-2026-23918-en/<p>A memory-corruption bug in Apache HTTP Server&rsquo;s HTTP/2 implementation was publicly disclosed this week, and the details are ugly enough that you should stop reading this sentence and go check your Apache version right now. Done? Good. Let&rsquo;s talk about what&rsquo;s actually going on.</p> <h2 id="the-bug">The Bug</h2> <p><a href="https://app.opencve.io/cve/CVE-2026-23918">CVE-2026-23918</a> is a double-free vulnerability in <code>mod_http2</code>, specifically in the stream cleanup path of Apache httpd 2.4.66. A double-free happens when code tries to release the same chunk of memory twice &mdash; a classic mistake that corrupts internal allocator state and typically leads to crashes, and sometimes worse.</p>