Mehdi Talbi

**Nome do Software Vulnerável e Versões Afetadas** Philips Hue Bridge (versões afetadas não especificadas) **Descrição** Um estouro de buffer baseado em heap existe no manipulador de comandos personalizados da pilha Zigbee. Este problema ocorre devido à validação insuficiente do tamanho dos dados antes de serem copiados para um buffer de heap de tamanho fixo durante o processamento de quadros Zigbee ZCL (Zigbee Cluster Library) personalizados na funcionalidade de download de informações do modelo. Atacantes adjacentes à rede podem explorar essa falha para executar código arbitrário no contexto do dispositivo. A exploração requer interação do usuário, especificamente que o usuário deve iniciar o processo de emparelhamento do dispositivo. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Canon imageCLASS MF644Cdw version 10.02 **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the CADM service, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this issue to execute code in the context of the service account. **Recommendations** For Canon imageCLASS MF644Cdw version 10.02, as a temporary workaround, consider disabling the CADM service until a patch is available. Restrict access to the CADM service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** bhyve (affected versions not specified) **Description** The e1000 network adapters allow modifications to Ethernet packets during transmission, including IP and TCP checksum insertion, Ethernet VLAN header insertion, and TCP segmentation offload. The e1000 device model uses an on-stack buffer to generate modified packet headers. When checksum offload is requested for a transmitted packet, the e1000 device model uses a guest-provided value to specify the checksum offset in the on-stack buffer, which was not validated for certain packet types. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context. The bhyve process runs in a Capsicum sandbox, which limits the impact of exploiting this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.