Maksymilian Arciemowicz

**Nome do software vulnerável e versões afetadas** libc (versões afetadas não especificadas) **Descrição** O problema está relacionado à função regcomp na implementação BSD da libc, que está vulnerável a ataques de negação de serviço devido ao esgotamento da pilha. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.14.2 Description: A memory corruption issue was addressed with improved memory handling. Recommendations: For versions prior to 10.14.2, update to macOS Mojave 10.14.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.2 tvOS versions prior to 10.1 watchOS versions prior to 3.1.1 **Description** The issue involves the `Profiles` component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted certificate profile. This is caused by a buffer overflow in memory, which can be exploited by a remote attacker to achieve the aforementioned outcomes. **Recommendations** For iOS versions prior to 10.2, update to version 10.2 or later. For tvOS versions prior to 10.1, update to version 10.1 or later. For watchOS versions prior to 3.1.1, update to version 3.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.2 macOS versions prior to 10.12.2 watchOS versions prior to 3.1.3 **Description** The issue involves the Security component, which allows remote attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs. This is due to insufficient input validation. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For iOS versions prior to 10.2, update to version 10.2 or later. For macOS versions prior to 10.12.2, update to version 10.12.2 or later. For watchOS versions prior to 3.1.3, update to version 3.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.2 Apple OS X versions prior to 10.11.2 Apple tvOS versions prior to 9.1 Apple watchOS versions prior to 2.1 **Description** The issue is caused by a buffer overflow in the libc component of the operating systems, which allows remote attackers to execute arbitrary code via a crafted package. **Recommendations** For Apple iOS versions prior to 9.2, update to version 9.2 or later. For Apple OS X versions prior to 10.11.2, update to version 10.11.2 or later. For Apple tvOS versions prior to 9.1, update to version 9.1 or later. For Apple watchOS versions prior to 2.1, update to version 2.1 or later.

**Name of the Vulnerable Software and Affected Versions** tnftpd (formerly lukemftpd) versions prior to 10.11 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory consumption and daemon outage, by sending a STAT command with a crafted pattern. This can be achieved by including multiple instances of the `{..,..,..}/*` substring in the command. **Recommendations** For versions prior to 10.11, update to version 10.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the STAT command to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10 **Description** A heap-based buffer overflow issue exists in the kernel of Apple OS X, allowing physically proximate attackers to execute arbitrary code. This is achieved by crafting resource forks in an HFS filesystem. **Recommendations** For Apple OS X versions prior to 10.10, update to version 10.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X version 10.9 **Description** The issue allows local users to cause a denial of service, resulting in memory corruption or panic, by creating a hard link to a directory. This problem exists due to an incomplete fix for a previous issue. **Recommendations** For Apple Mac OS X version 10.9, consider restricting the ability to create hard links to directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHP version 5.3.8 **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash. This can be achieved by providing crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects. **Recommendations** For PHP version 5.3.8, consider avoiding the use of the `tidy diagnose` function until a patch is available. As a temporary workaround, restrict the input to the Tidy::diagnose operations to prevent the application from processing invalid objects.

**Name of the Vulnerable Software and Affected Versions** PHP version 5.3.8 **Description** The issue is related to the zend strndup function not always checking its return value, potentially allowing remote attackers to cause a denial of service through a NULL pointer dereference and application crash. This could be achieved by providing crafted input to an application that performs strndup operations on untrusted string data. The affected functions include the define function in zend builtin functions.c, and unspecified functions in ext/soap/php sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com dotnet/com typeinfo.c, and main/php open temporary file.c. **Recommendations** For PHP version 5.3.8, consider updating to a newer version to mitigate the risk, as the current version does not properly handle return values from the zend strndup function, leading to potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions prior to 2.2.21 **Description** The issue arises when the mod proxy ajp module is used in conjunction with mod proxy balancer in specific configurations, allowing remote attackers to cause a temporary denial of service in the backend server. This can be achieved by sending certain malformed HTTP requests, which puts the backend server into an error state until the retry timeout expires. **Recommendations** For Apache HTTP Server versions prior to 2.2.21, update to version 2.2.21 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mod proxy ajp module when used with mod proxy balancer to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** vsftpd versions prior to 2.3.3 **Description** The issue allows remote authenticated users to cause a denial of service, consuming all CPU and exhausting process slots, through crafted glob expressions in STAT commands in multiple FTP sessions. This can lead to disruption of protected information availability. The exploitation can be carried out remotely. **Recommendations** For versions prior to 2.3.3, update to version 2.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `vsf filename passes filter` function in `ls.c` to minimize the risk of exploitation. Avoid using crafted glob expressions in STAT commands until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions prior to 6.6 p1-r1 OpenSSH version 5.8 and earlier **Description** The issue affects the openssh package in Gentoo Linux and other products, allowing remote exploitation that may lead to breaches of confidentiality, integrity, and availability of protected information. Specifically, the remote glob function in sftp-glob.c and the process put function in sftp.c in OpenSSH 5.8 and earlier allow remote authenticated users to cause a denial of service via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH FXP STAT requests to an sftp daemon. **Recommendations** For OpenSSH versions prior to 6.6 p1-r1, update to version 6.6 p1-r1 or later to resolve the issue. For OpenSSH version 5.8 and earlier, consider disabling the remote glob function and the process put function as a temporary workaround until a patch is available. Restrict access to the sftp daemon to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 7.3 through 8.1 NetBSD version 5.0.2 OpenBSD version 4.7 Apple Mac OS X versions prior to 10.6.8 **Description** The issue allows remote authenticated users to cause a denial of service, consuming CPU and memory resources, via crafted glob expressions that do not match any pathnames. This can be demonstrated by using glob expressions in STAT commands to an FTP daemon. **Recommendations** For FreeBSD versions 7.3 through 8.1, consider restricting access to the glob implementation until a patch is available. For NetBSD version 5.0.2, avoid using crafted glob expressions in STAT commands to an FTP daemon. For OpenBSD version 4.7, restrict access to the glob implementation to minimize the risk of exploitation. For Apple Mac OS X versions prior to 10.6.8, update to version 10.6.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHP version 5.3.5 **Description** The issue allows context-dependent attackers to cause a denial of service, resulting in a crash, by providing an invalid size argument to the `grapheme extract` function in the Internationalization extension (Intl) for ICU. This invalid argument triggers a NULL pointer dereference. **Recommendations** For PHP version 5.3.5, consider updating to a newer version that contains a fix for this issue to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** GNU C Library (aka glibc or libc6) versions 2.11.3 and earlier GNU C Library (aka glibc or libc6) versions 2.12.x through 2.12.2 **Description** A stack consumption issue in the regcomp implementation allows context-dependent attackers to cause a denial of service via a regular expression containing adjacent repetition operators. This can be demonstrated by a sequence such as `{10,}{10,}{10,}{10,}` in the proftpd.gnu.c exploit for ProFTPD. **Recommendations** For GNU C Library (aka glibc or libc6) versions 2.11.3 and earlier, update to a version later than 2.11.3 to resolve the issue. For GNU C Library (aka glibc or libc6) versions 2.12.x through 2.12.2, update to a version later than 2.12.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GNU C Library (glibc or libc6) versions 2.11.3 and earlier, 2.12.x through 2.12.2 **Description** The issue is related to the regcomp implementation, which allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE DUP MAX limitation. This can be exploited by using regular expressions with specific sequences, such as `{10,}{10,}{10,}{10,}{10,}`, to cause an application crash. The vulnerability is associated with errors in resource management and code errors, allowing a remote attacker to cause a denial of service (resource exhaustion) using regular expressions with repetition operators. **Recommendations** For GNU C Library (glibc or libc6) versions 2.11.3 and earlier, update to a version later than 2.11.3 to resolve the issue. For GNU C Library (glibc or libc6) versions 2.12.x through 2.12.2, update to a version later than 2.12.2 to resolve the issue. As a temporary workaround, consider restricting the use of regular expressions with repetition operators to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP versions 5.3.3 and earlier **Description** The issue is related to an integer overflow in the `NumberFormatter::getSymbol` (also known as `numfmt get symbol`) function. This allows context-dependent attackers to cause a denial of service, resulting in an application crash, by providing an invalid argument. **Recommendations** For PHP versions 5.3.3 and earlier, consider upgrading to a version where this issue is fixed, as using an invalid argument in the `NumberFormatter::getSymbol` function can lead to a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP versions 5.2.x through 5.2.14 PHP versions 5.3.x through 5.3.3 **Description** The issue allows context-dependent attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted ZIP archive. This is related to the `ZipArchive::getArchiveComment` function. **Recommendations** For PHP versions 5.2.x through 5.2.14, update to a version outside of this range to resolve the issue. For PHP versions 5.3.x through 5.3.3, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OPIE versions 2.4.1-test1 and earlier **Description** The issue is related to an off-by-one error in the ` opiereadrec` function in `readrec.c` in `libopie`. This error can be exploited by remote attackers to cause a denial of service, potentially leading to a daemon crash, or possibly execute arbitrary code. The exploitation can be achieved via a long `username` by sending a long USER command, for example, to the FreeBSD `ftpd`. Additionally, there are multiple vulnerabilities in the OPIE package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For OPIE versions 2.4.1-test1 and earlier, consider updating to a version that fixes the off-by-one error in the ` opiereadrec` function to prevent potential denial of service or arbitrary code execution. As a temporary workaround, consider restricting the length of the `username` parameter to prevent exploitation until a patch is available. Restrict access to the `ftpd` service to minimize the risk of remote exploitation.