Hi Francisco, On Fri, Jul 10, 2026 at 02:18:49AM +0000, Francisco Vilmar Cardoso Ruviaro wrote: > Hello Salvatore Bonaccorso, > > On 2026-05-13 20:46, Salvatore Bonaccorso wrote: > > > The following vulnerabilities were published for bettercap. > > > > CVE-2026-8275[0]: > > | A vulnerability was detected in bettercap up to 2.41.5. Affected by > > | this vulnerability is the function ippReadChunkedBody of the file > > | modules/zerogod/zerogod_ipp_primitives.go of the component zerogod > > | IPP Service. Performing a manipulation results in integer coercion > > | error. The attack can be initiated remotely. The attack is > > | considered to have high complexity. The exploitation appears to be > > | difficult. The exploit is now public and may be used. The patch is > > | named 3731d5576cffae9eefe3721cd46a40933304129f. To fix this issue, > > | it is recommended to deploy a patch. > > > > The vulnerability is located in the "zerogod" module. However, this module was > introduced later in commit "51a5b4ad6ea917d40f92861fbc1afcfa5a9af6bb" > (Thu Sep 19 21:49:02 2024 +0200): > > https://github.com/bettercap/bettercap/commit/51a5b4ad6ea917d40f92861fbc1afcfa5a9af6bb > > Our package is based on the bettercap v2.33.0 release, corresponding to commit > "9937e797ae40a418ec40836d306af04beff017a4" (Fri Aug 9 11:25:32 2024 +0200): > > https://github.com/bettercap/bettercap/commit/9937e797ae40a418ec40836d306af04beff017a4 > > This commit predates the introduction of the "zerogod" module. As a result, > the > vulnerable code is not present in the version we package. > > Therefore, I believe this CVE is not applicable to our package.
Thanks a lot for the analysis. I have updated the security-tracker information. > > CVE-2026-8276[1]: > > | A flaw has been found in bettercap up to 2.41.5. Affected by this > > | issue is some unknown functionality of the file > > | modules/mysql_server/mysql_server.go of the component MySQL Server. > > | Executing a manipulation can lead to integer coercion error. The > > | attack can be launched remotely. The attack requires a high level of > > | complexity. The exploitation is known to be difficult. The exploit > > | has been published and may be used. This patch is called > > | 0eaa375c5e5446bfba94a290eff92967a5deac9e. It is advisable to > > | implement a patch to correct this issue. > > > > > > This bug has already been addressed in our package. We have applied the > corresponding > patch in our packaging as commit 0df58045cd294e871fd3227526ac79997410ca00 in > Salsa. Thanks! FWIW, the issue does not warrrant a DSA, but if you have spare cycles, this might be fixed in a upcoming point release. In any case we marked the issue already as no-dsa. Regards, Salvatore

