Fcorleone

**Nome do software vulnerável e versões afetadas** FISCO-BCOS versão release-3.0.0-rc2 **Descrição** A vulnerabilidade permite que um nó malicioso faça com que os nós normais parem de produzir novos blocos e de processar novas solicitações de clientes, enviando uma proposta inválida com um cabeçalho inválido. **Recomendações** Para a versão FISCO-BCOS release-3.0.0-rc2, como solução temporária, considere restringir a capacidade de nós maliciosos de enviar propostas inválidas até que um patch esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** FISCO-BCOS versão release-3.0.0-rc2 **Descrição** A vulnerabilidade permite que um nó malicioso provoque um estouro de inteiro, resultando em uma negação de serviço (DoS) por meio de um pacote de mensagem `viewchange` de tamanho anormalmente grande. **Recomendações** Para a versão release-3.0.0-rc2 do FISCO-BCOS, considere restringir o tamanho dos pacotes de mensagens `viewchange` para evitar que pacotes excepcionalmente grandes causem um estouro de inteiro e a consequente negação de serviço (DoS).

**Nome do software vulnerável e versões afetadas** FISCO-BCOS versão 3.0.0-rc2 **Descrição** A vulnerabilidade permite que um nó malicioso faça com que nós normais alterem excessivamente sua visão e parem de gerar blocos, enviando um pacote malicioso de alteração de visão. **Recomendações** Para a versão 3.0.0-rc2 do FISCO-BCOS, no momento, não há informações sobre uma versão mais recente que contenha uma correção para este problema.

**Nome do software vulnerável e versões afetadas: FISCO-BCOS versão 2.7.2 Descrição: O nó de blockchain no FISCO-BCOS pode apresentar um bug ao lidar com pacotes não formatados, levando a uma falha no sistema. Um nó malicioso pode enviar continuamente um pacote em um formato incorreto que não pode ser decodificado corretamente pelo nó, fazendo com que este consuma memória de forma contínua e entre em falha. Recomendações: Para o FISCO-BCOS versão 2.7.2, considere atualizar para uma versão mais recente que contenha uma correção para este problema, pois a versão atual pode estar sujeita a falhas devido a pacotes formatados incorretamente. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a SEGV in the `pbc pattern pack` function in pattern.c. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a SEGV in the `set field one` function in bootstrap.c when making a query. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a SEGV in the `pbc pattern set default` function in pattern.c. **Recommendations** For versions prior to 2017-03-02, consider restricting access to the `pbc pattern set default` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a SEGV in the `pbc rmessage message` function in rmessage.c. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a allows a buffer over-read to occur in the `pbc wmessage string` function within `wmessage.c`, specifically for `PTYPE ENUM`. **Recommendations** For versions prior to 2017-03-02, update to a version released after 2017-03-02 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a NULL pointer dereference in the `pbc wmessage string` function within wmessage.c. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue was discovered in libpbc.a. A use-after-free can occur in the ` pbcM sp query` function in map.c. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a SEGV in the `wiretype decode` function in `context.c`. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a SEGV in the set field one function in bootstrap.c during a memcpy operation. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** aubio version 0.4.6 **Description** An issue was discovered in aubio where a buffer over-read can occur in the `new aubio pitchyinfft` function in `pitch/pitchyinfft.c`. This issue is demonstrated by aubionotes and can occur when the samplerate of the input file is larger than 50kHz. **Recommendations** For aubio version 0.4.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aubio version 0.4.6 **Description** An issue was discovered in aubio where a SEGV signal can occur in the `aubio source avcodec readframe` function in `io/source avcodec.c`, as demonstrated by aubiomfcc. **Recommendations** For aubio version 0.4.6, consider disabling the `aubio source avcodec readframe` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** aubio version 0.4.6 **Description** An issue was discovered in aubio where a SEGV signal can occur in `aubio pitch set unit` in `pitch/pitch.c`, as demonstrated by aubionotes. **Recommendations** For aubio version 0.4.6, consider disabling the `aubio pitch set unit` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** THULAC through 2018-02-25 **Description** An issue in libthulac.so allows a NULL pointer dereference to occur in the BasicModel class, which is defined in include/cb model.h. **Recommendations** For versions through 2018-02-25, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** THULAC through 2018-02-25 **Description** An issue was discovered in libthulac.so, where "operator delete" is used with "operator new[]" in the `TaggingLearner` class in include/cb tagging learner.h, possibly leading to memory corruption. **Recommendations** For THULAC through 2018-02-25, consider updating to a version that fixes the memory corruption issue in the `TaggingLearner` class. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** THULAC through 2018-02-25 **Description** An issue in libthulac.so can cause a SEGV in NGramFeature::find bases, located in include/cb ngram feature.h. **Recommendations** For versions of THULAC through 2018-02-25, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** THULAC through 2018-02-25 **Description** A heap-based buffer over-read issue can occur in the NGramFeature::find bases function, located in include/cb ngram feature.h, within the libthulac.so library of THULAC. **Recommendations** For versions of THULAC through 2018-02-25, at the moment, there is no information about a newer version that contains a fix for this issue.