Tim Taylor

**Name of the Vulnerable Software and Affected Versions** Azure IoT Device Provisioning AMQP Transport library (affected versions not specified) **Description** A spoofing issue exists due to improper certificate validation over the AMQP protocol. This affects the C# SDK, C SDK, and Java SDK. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mercur Messaging versions 5.0 SP3 and earlier **Description** The issue is related to a stack-based buffer overflow in the IMAP service, which can be triggered by sending a long string to specific commands. This can cause a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. The vulnerable commands include the "LOGIN" and "SELECT" commands. **Recommendations** For Mercur Messaging versions 5.0 SP3 and earlier, consider restricting access to the IMAP service until a fix is available. As a temporary workaround, limit the length of input strings to the "LOGIN" and "SELECT" commands to prevent buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.