
Giancarlo Canales Barreto

#20404 of 53,639
12.5 CVSS total
Vulnerabilities · 2
Medium: 1
High: 1
PT-2015-6782
7.5
2015-07-14
Github · Redcarpet · CVE-2015-5147
**Name of the Vulnerable Software and Affected Versions**
Redcarpet versions prior to 3.3.2

**Description**
The issue is a stack-based buffer overflow in the `header_anchor` function within the HTML renderer. This allows attackers to cause a denial of service, potentially leading to a crash, and may also enable the execution of arbitrary code through unspecified vectors.

**Recommendations**
For versions prior to 3.3.2, update to version 3.3.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `header_anchor` function in the HTML renderer until a patch is applied.
PT-2015-6632
5.0
2015-06-22
Arduino · Arduinojson · CVE-2015-4590
**Name of the Vulnerable Software and Affected Versions**
Arduino JSON versions prior to 4.5

**Description**
The issue allows remote attackers to cause a denial of service (crash) via a JSON string with a `\` (backslash) followed by a terminator. This can trigger a buffer overflow and over-read, as demonstrated by "0".

**Recommendations**
For versions prior to 4.5, update to version 4.5 or later to resolve the issue.