Fumfel

**Nome do Software Vulnerável e Versões Afetadas** ModSecurity versões 3.0.0 até 3.0.14 **Descrição** Ocorre uma exceção não tratada (std::out of range) no libmodsecurity3 devido a um underflow de número inteiro não assinado. Este problema é acionado quando um administrador utiliza qualquer uma das seguintes regras: `@verifySSN`, `@verifyCPF` ou `@verifySVNR`. **Recomendações** Atualize para a versão 3.0.15. Como medida paliativa temporária, evite usar as regras `@verifySSN`, `@verifyCPF` e `@verifySVNR` até que a atualização seja aplicada.

Nome do Software Vulnerável e Versões Afetadas ImageMagick versões anteriores a 7.1.2-19 ImageMagick versões anteriores a 6.9.13-44 Descrição Um estouro de pilha no analisador de expressões FX permite que um invasor cause a interrupção do processo ao fornecer uma expressão profundamente aninhada. Recomendações Atualize para a versão 7.1.2-19. Atualize para a versão 6.9.13-44. Restrinja o acesso ao analisador de expressões FX vulnerável para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-17 ImageMagick versions prior to 6.9.13-42 **Description** ImageMagick is software used for editing and manipulating digital images. A bug exists in the `NewXMLTree` method that could cause a crash due to an out-of-bounds write of a single zero byte. **Recommendations** Update ImageMagick to version 7.1.2-17 or later. Update ImageMagick to version 6.9.13-42 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-18 ImageMagick versions prior to 6.9.13-43 **Description** ImageMagick is free and open-source software used for editing and manipulating digital images. Due to an incorrect return value on certain platforms, a pointer is incremented past the end of a buffer on the stack, potentially resulting in an out-of-bounds write. The issue occurs when a specific function returns an incorrect value, leading to memory corruption. **Recommendations** Versions prior to 7.1.2-18 should be updated to version 7.1.2-18 or later. Versions prior to 6.9.13-43 should be updated to version 6.9.13-43 or later.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.6.0 **Description** The issue is a heap out of bounds read in the `java switch op()` function, located in `anal java.c`, which can be triggered by a crafted Java binary file. **Recommendations** For radare2 version 2.6.0, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.6.0 **Description** The issue is related to a use after free in the `r anal bb free()` function, located in `libr/anal/bb.c`, which can be triggered by a crafted Java binary file. **Recommendations** For radare2 version 2.6.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.6.0 **Description** The issue is a heap out of bounds read in the ` 6502 op()` function, located in `libr/anal/p/anal 6502.c`, which can be triggered by a crafted iNES ROM binary file. **Recommendations** For radare2 version 2.6.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.5.0 **Description** The issue concerns a denial of service caused by a heap-based out-of-bounds read and application crash. This can be triggered by remote attackers via a crafted Mach-O file, specifically affecting the parse import ptr() function. **Recommendations** For radare2 version 2.5.0, as a temporary workaround, consider disabling the parse import ptr() function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.5.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a heap-based out-of-bounds read and application crash, via a crafted ELF file. This is due to a problem in the `r read le32()` function. **Recommendations** For radare2 version 2.5.0, consider avoiding the use of the `r read le32()` function until a patch is available. As a temporary workaround, restrict the processing of crafted ELF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.5.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a heap-based out-of-bounds read and application crash, via a crafted ELF file. This is due to a problem in the sh op() function. **Recommendations** For radare2 version 2.5.0, as a temporary workaround, consider disabling the sh op() function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.5.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid free and application crash, via a crafted ELF file. This is due to an uninitialized variable in the CPSE handler in libr/anal/p/anal avr.c. **Recommendations** For radare2 version 2.5.0, consider avoiding the use of the `r strbuf fini()` function until a patch is available. As a temporary workaround, restrict the processing of crafted ELF files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.5.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a heap-based out-of-bounds read and application crash, via a crafted binary file. This is due to a problem in the ` inst sts()` function. **Recommendations** For radare2 version 2.5.0, as a temporary workaround, consider disabling the ` inst sts()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libr (affected versions not specified) **Description** The issue is related to the wasm dis() function in libr/asm/arch/wasm/wasm.c, which may be impacted by a crafted WASM file, potentially leading to unspecified consequences. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.0.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, or possibly have other unspecified impacts through a crafted ELF file. This is due to an invalid write in the `r read le16` function when handling a maliciously crafted file. **Recommendations** For radare2 version 2.0.0, consider avoiding the use of the `store versioninfo gnu verdef` function in libr/bin/format/elf/elf.c until a patch is available. As a temporary workaround, restrict the processing of untrusted ELF files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.0.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a stack-based buffer over-read and application crash, or possibly have other unspecified impacts. This is achieved through a crafted WASM file that triggers an incorrect `r hex bin2str` call. **Recommendations** For radare2 version 2.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6 **Description** The issue allows remote attackers to cause a denial of service, which is a heap-based buffer overflow and application crash, or possibly have other unspecified impacts via a crafted SVG document. **Recommendations** For ImageMagick version 7.0.6, update to a version that fixes the GetNextToken issue in MagickCore/token.c to prevent a heap-based buffer overflow and application crash. As a temporary workaround, consider avoiding the use of crafted SVG documents until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-10 **Description** The issue is related to a heap-based buffer overflow in the `TracePoint()` function, located in MagickCore/draw.c. **Recommendations** For ImageMagick version 7.0.6-10, consider updating to a newer version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6 **Description** The issue is related to the TIFFSetProfiles function in the coders/tiff.c component of ImageMagick, which has incorrect expectations about data validation. This allows remote attackers to cause a denial of service, resulting in a use-after-free and application crash, via a crafted file. The vulnerability is also described as allowing an attacker to exploit a use-after-free condition, leading to a denial of service. **Recommendations** For ImageMagick version 7.0.6, consider avoiding the use of the TIFFSetProfiles function until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruby versions 2.4.1 **Description** The issue is related to a buffer overflow in the `parser yyerror` function of the UTF-8 parser in the Ruby interpreter. This can be exploited by a remote attacker using a specially crafted Ruby script that interacts with the `parser tokadd utf8` function, potentially leading to a denial of service or bypassing the $SAFE protection mechanism. **Recommendations** For Ruby version 2.4.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** radare2 version 1.5.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer overflow and application crash, or possibly have other unspecified impacts. This can be achieved by using a crafted binary file. The problem is related to the `grub memmove` function and possibly a read overflow in the `grub disk read small real` function. **Recommendations** For radare2 version 1.5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.