Airsupply

**Name of the Vulnerable Software and Affected Versions** netkit-ftp versions 0.17 20040614 and later **Description** A double free vulnerability in the getreply function in ftp.c allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. **Recommendations** For netkit-ftp versions 0.17 20040614 and later, consider disabling the `getreply` function in ftp.c as a temporary workaround until a patch is available. Restrict access to the FTP protocol to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iwlwifi versions 1.1.21 and earlier **Description** The issue is related to the iwl set rate function in compatible/iwl3945-base.c, which dereferences an iwl get hw mode return value without checking for NULL. This could allow remote attackers to cause a denial of service, specifically a kernel panic, via unspecified vectors during module initialization. **Recommendations** For iwlwifi versions 1.1.21 and earlier, as a temporary workaround, consider disabling the iwl set rate function until a patch is available. However, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** OpenOffice versions 1.1.4 and earlier **Description** The issue is related to the StgCompObjStream::Load function, which allocates memory based on 16-bit length values but processes memory using 32-bit values. This discrepancy can be exploited by remote attackers using a specially crafted DOC document with certain length values, potentially leading to a denial of service and possibly the execution of arbitrary code due to a heap-based buffer overflow. **Recommendations** For OpenOffice versions 1.1.4 and earlier, consider updating to a version that addresses this issue, as the current version may be susceptible to a heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.