
Robert Scott

#16818 of 53,635
16 CVSS total
Vulnerabilities · 2
High
2
PT-2020-14702
8.5
2020-07-22
Bsdiff4 · Bsdiff4 · CVE-2020-15904
**Name of the Vulnerable Software and Affected Versions** bsdiff4 versions prior to 1.2.0 **Description** A buffer overflow in the patching routine allows an attacker to write to heap memory beyond the allocated bounds via a malicious patch file. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue.
PT-2019-2290
7.5
2019-05-15
Cisco · Cisco Anyconnect Secure Mobility Client · CVE-2019-1853
**Name of the Vulnerable Software and Affected Versions** Cisco AnyConnect Secure Mobility Client for Linux (affected versions not specified) **Description** A vulnerability in the HostScan component could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The issue exists due to improper bounds checks, allowing an attacker to exploit it by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system. The vulnerability is related to a buffer overflow in memory, which can be exploited using specially crafted HTTP traffic. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.