Prasanth Sundararajan

**Name of the Vulnerable Software and Affected Versions** BC-JAVA versões 1.74 a 1.83 **Description** Uma neutralização inadequada de elementos especiais usados em uma consulta LDAP, conhecida como injeção de LDAP, existe nos módulos BC-JAVA bcprov. Este problema está associado aos arquivos de programa LDAPStoreHelper. **Recommendations** Atualizar para a versão 1.84.

**Name of the Vulnerable Software and Affected Versions** wolfSSL versions prior to 5.8.4 **Description** An integer underflow in the packet sniffer component of wolfSSL allows an attacker to cause a buffer overflow in the AEAD decryption path. This occurs when a TLS record shorter than the expected length is injected into traffic inspected by `ssl DecodePacket`. The underflow results in a large value being passed to AEAD decryption routines, leading to a heap buffer overflow and a crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records. The vulnerable component is the AEAD decryption path, specifically during the processing of TLS records. The vulnerable function is `ssl DecodePacket`. The `IV` (Initialization Vector) and authentication tag are involved in the length calculation that is susceptible to the underflow. **Recommendations** wolfSSL versions prior to 5.8.4 should be updated.