Fabian Keil

**Name of the Vulnerable Software and Affected Versions** Privoxy versions prior to 3.0.24 **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid read and crash, via crafted chunk-encoded content. This is due to a problem in the remove chunked transfer coding function in filters.c. **Recommendations** For versions prior to 3.0.24, update to version 3.0.24 or later to resolve the issue. As a temporary workaround, consider restricting access to chunk-encoded content until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Privoxy versions prior to 3.0.24 **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid read and crash, by sending an empty HTTP Host header. This is due to a problem in the client host function in parsers.c. **Recommendations** For versions prior to 3.0.24, update to version 3.0.24 or later to resolve the issue. As a temporary workaround, consider restricting access to the client host function in parsers.c until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Privoxy versions prior to 3.0.23 **Description** The issue involves multiple unspecified vulnerabilities in the pcrs.c component of Privoxy. These vulnerabilities allow remote attackers to cause a denial of service, which can result in a segmentation fault or excessive memory consumption. The attacks are conducted via unspecified vectors. **Recommendations** For versions prior to 3.0.23, update to version 3.0.23 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Antiword version 0.37 **Description** The issue is related to a buffer overflow in the `bGetPPS` function, located in the wordole.c file. This allows remote attackers to cause a denial of service, resulting in a crash, by using a crafted document. **Recommendations** For Antiword version 0.37, consider applying a patch or fix to address the buffer overflow issue in the `bGetPPS` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** geli encryption provider versions prior to r239184 on FreeBSD 10 **Description** The issue concerns a weak Master Key used by the geli encryption provider, making it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack. **Recommendations** For geli encryption provider versions prior to r239184 on FreeBSD 10, update to a version after r239184 to strengthen the Master Key and prevent brute-force attacks.