Erik Bray

#36395 of 53,640
7.5 CVSS total
Vulnerabilities · 1
PT-2017-17787
7.5
2017-07-21
Red Hat · Cygwin · CVE-2017-7523
**Name of the Vulnerable Software and Affected Versions**
Cygwin versions 1.7.2 through 1.8.0

**Description**
The issue is related to a buffer overflow vulnerability in the `wcsxfrm` and `wcsxfrm_l` functions. This can result in a denial-of-service by crashing the process or potentially allow hijacking of the process running with administrative privileges. The vulnerability can be triggered by a specially crafted input string.

**Recommendations**
For Cygwin versions 1.7.2 through 1.8.0, consider updating to a version that includes a fix for the buffer overflow vulnerability in the `wcsxfrm` and `wcsxfrm_l` functions. As a temporary workaround, restrict the use of these functions to minimize the risk of exploitation.