Tuomas Räsänen

**Name of the Vulnerable Software and Affected Versions** unADF (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow in the extractTree function, which allows remote attackers to execute arbitrary code via a long pathname. This can potentially lead to the execution of malicious code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** unADF (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file, specifically through the extractTree function in unADF. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nbd-server versions 2.9.22 through 3.3 **Description** The issue in nbd-server allows remote attackers to cause a denial of service by either closing the connection during negotiation or specifying a name for a non-existent export, which can lead to the termination of the root process. **Recommendations** For versions 2.9.22 through 3.3, consider implementing measures to handle connection closures and invalid export names to prevent denial of service attacks. As a temporary workaround, restrict access to the nbd-server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** nbd-server versions prior to 3.11 **Description** The issue is related to the improper handling of signals in nbd-server.c, which can be exploited by remote attackers to cause a denial of service (deadlock) via unspecified vectors. **Recommendations** For versions prior to 3.11, update to version 3.11 or later to resolve the issue.