{"id":24628,"date":"2025-11-04T12:42:27","date_gmt":"2025-11-04T12:42:27","guid":{"rendered":"http:\/\/localhost\/?p=24628"},"modified":"2025-11-04T12:42:27","modified_gmt":"2025-11-04T12:42:27","slug":"trufflehog-fade-in-and-bsafe-crypto-c-vulnerabilities","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=24628","title":{"rendered":"TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities_TALOSBLOG:031A02B360D9C25F9DB34CF3EBE68026"},"content":{"rendered":"

{“lastseen”:”2025-11-04T18:24:19″,”description”:”![TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities](https:\/\/blog.talosintelligence.com\/content\/images\/2025\/10\/vuln-roundup-1.webp)\\n\\nCisco Talos’ Vulnerability Discovery \\u0026 Research team recently disclosed three vulnerabilities in Dell BSAFE, two in Fade In screenwriting software, and one in Trufflehog.\\n\\nThe vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to _Cisco ‘s third-party vulnerability disclosure policy_.\\n\\nFor Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from _Snort.org_, and our latest Vulnerability Advisories are always posted on _Talos Intelligence ‘s website_.\\n\\n## **Fade In out-of-bounds write vulnerabilities**\\n\\n _Discovered by Piotr Bania of Cisco Talos._\\n\\nFade In is a cross-platform text handling software for screenwriters.\\n\\n_TALOS-2025-2250_ (CVE-2025-53855) is an out-of-bounds write vulnerability in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write.\\n\\n_TALOS-2025-2252_ (CVE-2025-53814) is a use-after-free vulnerability in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption.\\n\\n## **TruffleHog arbitrary code execution vulnerability**\\n\\n _Discovered by Adam Reiser of Cisco ASIG._\\n\\nTruffleHog is a detection system for code repositories and ticket systems that finds exposed sensitive information, such as API keys and passwords. This vulnerability is described in an _accompanying article_ on the Truffle Security website. The vuln is an arbitrary code execution vulnerability in the Git functionality of TruffleHog 3.90.2, _TALOS-2025-2243_ (CVE-2025-41390). A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious repository to trigger this vulnerability.\\n\\n## **Dell BSAFE integer overflow, underflow, and stack overflow vulnerabilities**\\n\\n _Discovered by Jason Crowder._\\n\\nDell BSAFE Crypto-C is FIPS-140 validated cryptography development kit for C\/C++ environments. In cooperation with Jason Crowder, Talos published three vulnerabilities in the Dell BSAFE Crypto-C module. This product is at end of service; the vulnerable versions were added to an existing CVE.\\n\\n_TALOS-2025-2140_ (CVE-2019-3728) is an integer overflow vulnerability, and _TALOS-2025-2141_ (CVE-2019-3728) is an integer underflow vulnerability. In both cases, a specially crafted ASN.1 record can lead to an out-of-bounds read. An attacker can provide a malformed ASN.1 record to trigger this vulnerability.\\n\\n_TALOS-2025-2142_ (CVE-2019-3728) is a stack overflow vulnerability. A specially crafted ASN.1 record can lead to denial of service.”,”published”:”2025-11-04T14:26:03″,”modified”:”2025-11-04T14:26:03″,”type”:”talosblog”,”title”:”TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities”,”source”:””,”references”:””,”id”:”TALOSBLOG:031A02B360D9C25F9DB34CF3EBE68026″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2019-3728″,”CVE-2025-41390″,”CVE-2025-53814″,”CVE-2025-53855″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:7.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.talosintelligence.com\/trufflehog-fade-in-and-bsafe-crypto-c-vulnerabilities\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-11-04T18:24:19″,”description”:”![TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities](https:\/\/blog.talosintelligence.com\/content\/images\/2025\/10\/vuln-roundup-1.webp)\\n\\nCisco Talos’ Vulnerability Discovery \\u0026 Research team recently disclosed three vulnerabilities in Dell BSAFE, two in Fade In screenwriting…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,28,12,15,13,7,69,11,5],"class_list":["post-24628","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-78","tag-exploit","tag-high","tag-news","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\nTruffleHog, Fade In and BSAFE Crypto-C vulnerabilities_TALOSBLOG:031A02B360D9C25F9DB34CF3EBE68026 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=24628\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities_TALOSBLOG:031A02B360D9C25F9DB34CF3EBE68026 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-11-04T18:24:19″,”description”:”![TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities](https:\/\/blog.talosintelligence.com\/content\/images\/2025\/10\/vuln-roundup-1.webp)nnCisco Talos’ Vulnerability Discovery u0026 Research team recently disclosed three vulnerabilities in Dell BSAFE, two in Fade In screenwriting...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=24628\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-04T12:42:27+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24628#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24628\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities_TALOSBLOG:031A02B360D9C25F9DB34CF3EBE68026\",\"datePublished\":\"2025-11-04T12:42:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24628\"},\"wordCount\":555,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.8\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"talosblog\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=24628#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24628\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24628\",\"name\":\"TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities_TALOSBLOG:031A02B360D9C25F9DB34CF3EBE68026 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-11-04T12:42:27+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24628#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=24628\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24628#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities_TALOSBLOG:031A02B360D9C25F9DB34CF3EBE68026\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities_TALOSBLOG:031A02B360D9C25F9DB34CF3EBE68026 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=24628","og_locale":"en_US","og_type":"article","og_title":"TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities_TALOSBLOG:031A02B360D9C25F9DB34CF3EBE68026 - zero redgem","og_description":"{“lastseen”:”2025-11-04T18:24:19″,”description”:”![TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities](https:\/\/blog.talosintelligence.com\/content\/images\/2025\/10\/vuln-roundup-1.webp)nnCisco Talos’ Vulnerability Discovery u0026 Research team recently disclosed three vulnerabilities in Dell BSAFE, two in Fade In screenwriting...","og_url":"https:\/\/zero.redgem.net\/?p=24628","og_site_name":"zero redgem","article_published_time":"2025-11-04T12:42:27+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=24628#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=24628"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities_TALOSBLOG:031A02B360D9C25F9DB34CF3EBE68026","datePublished":"2025-11-04T12:42:27+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=24628"},"wordCount":555,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.8","exploit","HIGH","news","Security","talosblog","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=24628#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=24628","url":"https:\/\/zero.redgem.net\/?p=24628","name":"TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities_TALOSBLOG:031A02B360D9C25F9DB34CF3EBE68026 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-11-04T12:42:27+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=24628#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=24628"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=24628#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities_TALOSBLOG:031A02B360D9C25F9DB34CF3EBE68026"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/24628","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=24628"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/24628\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=24628"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=24628"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=24628"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}