Kang

**Name of the Vulnerable Software and Affected Versions** Samsung Blockchain Keystore versions prior to 1.3.13.5 **Description** The issue is related to a Protection Mechanism Failure in the bc tui trustlet, allowing a local attacker to execute arbitrary code. **Recommendations** For versions prior to 1.3.13.5, update to version 1.3.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Blockchain Keystore versions prior to 1.3.12.1 **Description** The issue is related to an Out-of-bounds Write vulnerability that occurs while processing the `BC TUI CMD SEND RESOURCE DATA` command in the `bc tui` trustlet. This vulnerability allows a local attacker to execute arbitrary code. **Recommendations** For versions prior to 1.3.12.1, update to version 1.3.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `bc tui` trustlet to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung Blockchain Keystore versions prior to 1.3.12.1 **Description** The issue is related to an Out-of-bounds Read while processing BC TUI CMD UPDATE SCREEN in the bc tui trustlet. This allows a local attacker to read arbitrary memory. **Recommendations** For versions prior to 1.3.12.1, update to version 1.3.12.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Blockchain Keystore versions prior to 1.3.12.1 **Description** The issue is related to an Out-of-bounds Read vulnerability that occurs while processing `CMD COLDWALLET BTC SET PRV UTXO` in the `bc core` trustlet. This allows a local attacker to read arbitrary memory. **Recommendations** For versions prior to 1.3.12.1, update to version 1.3.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `bc core` trustlet to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.30 **Description** The issue is related to the coff pointerize aux function in the Binary File Descriptor (BFD) library, where an index is not validated. This allows remote attackers to cause a denial of service, potentially leading to a segmentation fault, or possibly have other unspecified impacts via a crafted file. For example, this can be demonstrated by objcopy of a COFF object. **Recommendations** For GNU Binutils version 2.30, consider updating to a newer version that addresses this issue, as the current version allows for potential denial of service or other impacts due to the lack of index validation in the coff pointerize aux function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions 10.2.8 through 10.3.3 **Description** The issue allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume, due to the default protocol helper for the disk: URI. **Recommendations** For Mac OS X versions 10.2.8 through 10.3.3, consider disabling the default protocol helper for the disk: URI as a temporary workaround until a patch is available. Restrict access to mounting disk image files (.dmg) to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Safari versions 1.2 and earlier **Description** The issue allows remote attackers to cause a denial of service by creating a new Array object with a large size value and then writing into that array. **Recommendations** For Safari versions 1.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.