Maor Caplan

**Name of the Vulnerable Software and Affected Versions** wolfSSL (affected versions not specified) **Description** A stack buffer overflow issue exists in the PKCS7 SignedData encoding functionality of wolfSSL. Specifically, the `wc PKCS7 BuildSignedAttributes()` function incorrectly calculates the capacity value passed to the `EncodeAttributes()` function when adding custom signed attributes. This leads to writing beyond the bounds of the `signedAttribs[7]` array, resulting in stack memory corruption. In builds utilizing a small stack, this can manifest as heap corruption. Successful exploitation requires an application that permits untrusted input to control the size of the `signedAttribs` array when calling `wc PKCS7 EncodeSignedData()` or related signing functions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CASL Ability versions 2.4.0 through 6.7.4 **Description** CASL Ability contains a prototype pollution vulnerability. This issue affects versions 2.4.0 through 6.7.4. Prototype pollution occurs when an attacker manipulates the properties of JavaScript objects, potentially leading to denial of service or unauthorized access. **Recommendations** Update CASL Ability to a version later than 6.7.4.