Agostino Sarubbo

**Nome do software vulnerável e versões afetadas** Versões do Apache Tomcat 11.0.0-M1 a 11.0.1 Versões do Apache Tomcat 10.1.0-M1 a 10.1.33 Versões do Apache Tomcat 9.0.0.M1 a 9.0.97 **Descrição** O problema está relacionado a uma vulnerabilidade de consumo descontrolado de recursos no aplicativo web de exemplos fornecido com o Apache Tomcat, levando a uma negação de serviço. Isso pode ser explorado por um invasor remoto para causar uma interrupção do serviço. **Recomendações** Para as versões do Apache Tomcat 11.0.0-M1 a 11.0.1, atualize para a versão 11.0.2. Para as versões do Apache Tomcat 10.1.0-M1 a 10.1.33, atualize para a versão 10.1.34. Para as versões do Apache Tomcat 9.0.0.M1 a 9.0.97, atualize para a versão 9.0.98.

**Name of the Vulnerable Software and Affected Versions** zchunk versions prior to 1.3.2 **Description** The issue is related to integer overflows in components such as lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c. This can be exploited via malformed zchunk files, potentially allowing a local attacker to gain unauthorized access to protected information. **Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of malformed zchunk files to minimize the risk of exploitation. Avoid using the vulnerable components until a patch is available.

**Nome do software vulnerável e versões afetadas** re2c versão 1.3 **Descrição** O problema é um estouro de buffer baseado em heap na função `Scanner::fill`, localizada em `parse/scanner.cc`, que pode ser desencadeado por um lexema longo. **Recomendações** Para a versão 1.3 do re2c, considere restringir o comprimento da entrada para evitar o estouro de buffer até que um patch esteja disponível. Como solução temporária, evite usar lexemas longos na função `Scanner::fill` para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Monkeyd (affected versions not specified) **Description** The issue concerns the web server Monkeyd, which produces a world-readable log file located at /var/log/monkeyd/master.log on Gentoo systems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.29 **Description** The issue is related to the handling of NULL files in a .debug line file table in the Binary File Descriptor (BFD) library, which can cause a denial of service due to a NULL pointer dereference and application crash when processing a crafted ELF file. This is related to the `concat filename` function. **Recommendations** For GNU Binutils version 2.29, consider updating to a newer version that includes a complete fix for this issue, as the current version contains an incomplete fix.

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29 Description: The issue is related to the dwarf2.c component in the Binary File Descriptor (BFD) library, which does not validate the DW AT name data type. This allows remote attackers to cause a denial of service via a crafted ELF file, potentially resulting in a NULL pointer dereference, out-of-bounds access, or application crash. The exploitation is related to the `scan unit for symbols` and `parse comp unit` functions. Recommendations: For GNU Binutils version 2.29, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict the use of the `dwarf2.c` component or avoid processing untrusted ELF files until a patch is available.

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29 Description: The issue is related to the dwarf1.c component in the Binary File Descriptor (BFD) library, which mishandles pointers and allows remote attackers to cause a denial of service or possibly have other impacts via a crafted ELF file. This is related to the `parse die` and `parse line table` functions, as demonstrated by a heap-based buffer over-read. The exploitation of this issue can allow an attacker to access confidential data, disrupt its integrity, and cause a denial of service using a specially crafted ELF file. Recommendations: For GNU Binutils version 2.29, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict the use of the `dwarf1.c` component or the `parse die` and `parse line table` functions to minimize the risk of exploitation. Avoid using specially crafted ELF files that could trigger the buffer over-read vulnerability.

**Name of the Vulnerable Software and Affected Versions** BladeEnc version 0.94.2 **Description** A global buffer overflow was discovered in the `iteration loop` function, which causes an out-of-bounds write. This issue can lead to remote denial of service or possibly code execution. **Recommendations** For BladeEnc version 0.94.2, consider disabling the `iteration loop` function in loop.c as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: GNU Binutils versions 2.29 and earlier Description: The issue allows remote attackers to cause a denial of service, resulting in excessive memory allocation and an application crash, via a crafted ELF file. This is due to the ` bfd elf slurp version tables` function in the `elf.c` component of the Binary File Descriptor (BFD) library, which permits unlimited memory allocation. Recommendations: For GNU Binutils versions 2.29 and earlier, consider updating to a version later than 2.29 to resolve the issue. As a temporary workaround, consider restricting the use of the ` bfd elf slurp version tables` function in the `elf.c` component until a patch is available. Avoid processing crafted ELF files with the affected GNU Binutils versions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-617 **Description** A heap-based buffer over-read was discovered in the `AP4 BitStream::ReadBytes` function in `Codecs/Ap4BitStream.cpp`. This issue causes an application crash, leading to a remote denial of service. **Recommendations** For Bento4 version 1.5.0-617, consider updating to a newer version that addresses this issue, as the current version is affected by the heap-based buffer over-read vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29 and earlier Description: The issue is related to a length calculation mishandling in the `decode line info` function within the `dwarf2.c` component of the Binary File Descriptor (BFD) library, also known as `libbfd`. This allows remote attackers to cause a denial of service, specifically a heap-based buffer over-read and application crash, by providing a crafted ELF file. The problem is associated with the `read 1 byte` function. Recommendations: For GNU Binutils version 2.29 and earlier, consider updating to a newer version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29 Description: The issue is related to a buffer overflow in the elf32-i386.c and elf64-x86-64.c components of GNU Binutils. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted ELF file. The * get synthetic symtab functions in the Binary File Descriptor (BFD) library do not ensure a unique PLT entry for a symbol, leading to a heap-based buffer overflow and application crash. Recommendations: For GNU Binutils version 2.29, consider disabling the * get synthetic symtab functions as a temporary workaround until a patch is available. Restrict access to the elf32-i386.c and elf64-x86-64.c components to minimize the risk of exploitation. Avoid using crafted ELF files that could trigger the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-617 **Description** A heap-based buffer overflow was discovered in the AP4 HdlrAtom class, causing an out-of-bounds write. This issue can lead to remote denial of service or possibly code execution. **Recommendations** For Bento4 version 1.5.0-617, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MP3Gain version 1.5.2 **Description** A stack-based buffer over-read was discovered in the `dct36` function in `layer3.c` in `mpglibDBL`, which is used in MP3Gain. This issue causes an application crash, leading to a remote denial of service. **Recommendations** For MP3Gain version 1.5.2, consider disabling the `dct36` function in `layer3.c` as a temporary workaround to prevent the application crash until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MP3Gain version 1.5.2 **Description** A buffer overflow was discovered in the `III dequantize sample` function in `layer3.c` in `mpglibDBL`, which is used in MP3Gain. This issue causes an out-of-bounds write, potentially leading to remote denial of service or possibly code execution. **Recommendations** For MP3Gain version 1.5.2, consider disabling the `III dequantize sample` function in `layer3.c` as a temporary workaround until a patch is available. Restrict access to the `mpglibDBL` library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MP3Gain version 1.5.2 **Description** A stack-based buffer over-read was discovered in the `filterYule` function in `gain analysis.c`, causing an application crash that leads to a remote denial of service. **Recommendations** For MP3Gain version 1.5.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MP3Gain version 1.5.2 **Description** A NULL pointer dereference was discovered in the `sync buffer` function in `interface.c` in `mpglibDBL`, which is used in MP3Gain. This issue causes a segmentation fault and application crash, leading to a remote denial of service. **Recommendations** For MP3Gain version 1.5.2, consider disabling the `sync buffer` function in `interface.c` as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MP3Gain version 1.5.2 **Description** A buffer over-read was discovered in the `III i stereo` function in `layer3.c` in `mpglibDBL`, which is used in MP3Gain. This issue causes an application crash, leading to a remote denial of service. **Recommendations** For MP3Gain version 1.5.2, consider disabling the `III i stereo` function in `layer3.c` as a temporary workaround to prevent the application crash until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MP3Gain version 1.5.2 **Description** A denial of service issue was found due to an invalid memory write in the `copy mp` function in `interface.c` in `mpglibDBL`, which is used by MP3Gain. This issue can cause a segmentation fault and application crash, and may have other unspecified impacts. **Recommendations** For MP3Gain version 1.5.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MP3Gain version 1.5.2 **Description** A stack-based buffer overflow was discovered in the `copy mp` function in `interface.c` in `mpglibDBL`, which is used in MP3Gain. This issue causes an out-of-bounds write, potentially leading to remote denial of service or possibly code execution. **Recommendations** For MP3Gain version 1.5.2, consider disabling the `copy mp` function in `interface.c` as a temporary workaround until a patch is available. Restrict access to the `mpglibDBL` library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.