Yves Younan

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.0-rc1 through 4.13-rc4 Description: A flaw in the Linux kernel may cause it to enter an infinite loop in the `cipso v4 optptr()` function when a crafted network packet is sent remotely, leading to a denial-of-service. This issue can be exploited if a certain non-default configuration of LSM (Linux Security Module) and NetLabel is set up on the system. Recommendations: For Linux kernel versions 4.0-rc1 through 4.13-rc4, as a temporary workaround, consider disabling the `cipso v4 optptr()` function until a patch is available. Restrict access to the `net/ipv4/cipso ipv4.c` module to minimize the risk of exploitation. Avoid using non-default configurations of LSM and NetLabel that could enable this flaw. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache OpenOffice versions 4.1.2 and earlier **Description** The issue allows remote attackers to cause a denial of service or execute arbitrary code via crafted MetaActions in an ODP or OTP file. This is related to the Impress tool. **Recommendations** For versions 4.1.2 and earlier, update to a version later than 4.1.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** A NULL pointer dereference issue exists in the handling of the MXIT protocol. Specially crafted MXIT data sent via the server could result in a denial of service. A malicious server can send a packet starting with a NULL byte to trigger this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** A denial of service issue exists in the handling of the MXIT protocol. Specially crafted MXIT data sent via the server could result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** A memory corruption issue exists in Pidgin's handling of the MXIT protocol. This is caused by specially crafted MXIT MultiMX messages sent via the server, which can lead to an out-of-bounds write. As a result, this can cause memory disclosure and potentially allow code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** An issue exists in the handling of the MXIT protocol, where specially crafted MXIT contact information sent from the server can result in memory disclosure due to an out-of-bounds read. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** A buffer overflow issue exists in the handling of the MXIT protocol. Specially crafted MXIT data sent from the server could result in arbitrary code execution. An attacker who intercepts the network traffic or a malicious server can send an invalid packet size, triggering a buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** A buffer overflow issue exists in Pidgin's handling of the MXIT protocol. This can be triggered by specially crafted MXIT data from a server, potentially leading to an out-of-bounds write. A malicious server can exploit this by sending a negative content-length in response to an HTTP request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** A buffer overflow issue exists in the handling of the MXIT protocol. This can be triggered by specially crafted data sent via the server, potentially resulting in memory corruption. The vulnerability can be exploited by a malicious server or an unfiltered malicious user sending negative length values. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** An issue exists in Pidgin related to the handling of the MXIT protocol. Specifically crafted MXIT data could lead to an out-of-bounds read. This could occur if a user is convinced to enter a particular string that gets converted incorrectly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** A directory traversal issue exists in Pidgin's handling of the MXIT protocol. This could allow a malicious server or an attacker with network access to potentially overwrite files by sending specially crafted MXIT data. The issue can be triggered when an invalid filename for a splash image is provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** The issue is related to multiple memory corruption vulnerabilities in the handling of the MXIT protocol. These vulnerabilities can be exploited by sending specially crafted MXIT data via the server, potentially resulting in buffer overflows. This could lead to code execution or memory disclosure. An attacker, acting remotely, could exploit these vulnerabilities to disclose memory or inject arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** A denial of service issue exists in the handling of the MXIT protocol. Specially crafted MXIT data sent via the server could result in a null pointer dereference. This could be triggered by a malicious server or an attacker intercepting network traffic, causing the application to crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** A denial of service issue exists in the handling of the MXIT protocol. Specially crafted MXIT data sent via the server could result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this issue and cause a crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** An information leak exists in the handling of the MXIT protocol. Specially crafted MXIT data sent via the server could result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar, triggering an out-of-bounds read. This could result in a denial of service or copy data from memory to the file, leading to an information leak if the avatar is sent to another user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** A denial of service issue exists in the handling of the MXIT protocol. Specially crafted MXIT data sent from the server could result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** An out-of-bounds write issue exists in the handling of the MXIT protocol, which could be triggered by specially crafted MXIT data sent via the server, potentially causing memory corruption and resulting in code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pidgin (affected versions not specified) **Description** An information leak exists in the handling of the MXIT protocol. Specially crafted MXIT data sent via the server could result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer, triggering an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Graphite 2 version 1.2.4 Mozilla Firefox versions prior to 43.0 Firefox ESR versions prior to 38.6.1 **Description** The issue is related to the directrun function in directmachine.cpp, which does not validate a certain skip operation. This allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via a crafted Graphite smart font, resulting in an out-of-bounds read and application crash. **Recommendations** For Graphite 2 version 1.2.4, update to a version that fixes the directrun function issue. For Mozilla Firefox versions prior to 43.0, update to version 43.0 or later. For Firefox ESR versions prior to 38.6.1, update to version 38.6.1 or later.

**Name of the Vulnerable Software and Affected Versions** NTP versions 4.2.x through 4.2.8p3 NTP versions 4.3.x through 4.3.76 Cisco Nexus (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, via crafted mode 6 response packets. **Recommendations** For NTP versions 4.2.x through 4.2.8p3, update to version 4.2.8p4 or later. For NTP versions 4.3.x through 4.3.76, update to version 4.3.77 or later. For Cisco Nexus, at the moment, there is no information about a newer version that contains a fix for this issue.