Pip-Izony

#13785 of 53,634
19.6 CVSS total
Vulnerabilities · 2
Critical · 2
PT-2023-31461
9.8
2023-12-20
Cesanta · Mjs · CVE-2023-50044
**Name of the Vulnerable Software and Affected Versions**
Cesanta MJS versions 2.20.0 through 2.22.0

**Description**
The issue is related to an out-of-bounds read in the `getprop builtin foreign` function when a Built-in API name occurs in a substring of an input string. This can lead to a buffer overflow, allowing attackers to execute arbitrary code, cause a denial of service, and obtain sensitive information. A segmentation fault can occur when the input string includes a name of Built-in APIs.

**Recommendations**
For Cesanta MJS versions 2.20.0 through 2.22.0, consider disabling the `getprop builtin foreign` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-31602
9.8
2023-12-20
Libming · Libming · CVE-2023-50628
**Name of the Vulnerable Software and Affected Versions**
libming version 0.4.8

**Description**
The issue allows attackers to execute arbitrary code and obtain sensitive information via the parser.c component. This is a Buffer Overflow vulnerability.

**Recommendations**
For libming version 0.4.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.