Zlog · Zlog · CVE-2024-22857
**Name of the Vulnerable Software and Affected Versions**
zlog versions 1.1.0 through 1.2.17
**Description**
The issue is a heap-based buffer overflow in the zlog library, specifically in the `zlog_rule_new()` function. The size of `record_name` is limited to `MAXLEN_PATH(1024) + 1`, but `file_path` can contain data up to `MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1`, and no length check is performed when `record_name` is copied from `file_path + 1`. The resulting overflow can allow an attacker to overwrite the `zlog_record_fn record_func` function pointer, resulting in arbitrary code execution or remote code execution (RCE).
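The following is an added illustration, not code from zlog or from the advisory: it models the unchecked copy described above beside a bounds-checked replacement. The struct layout, the `$` prefix byte and the probe helper are hypothetical; only the two size limits come from the advisory.

```c
#include <string.h>

/* Size limits as stated in the advisory. */
#define MAXLEN_PATH     1024
#define MAXLEN_CFG_LINE (MAXLEN_PATH * 4)

/* Hypothetical simplified rule layout (not zlog's real struct): the fixed
 * name buffer sits right before the callback pointer, so an overrun of
 * record_name would reach record_func. */
typedef int (*zlog_record_fn)(const char *msg);
struct rule_model {
    char           record_name[MAXLEN_PATH + 1];
    zlog_record_fn record_func;
};

/* The unchecked pattern the advisory describes, shown for contrast and never
 * called here: the name is copied from file_path + 1 with no length check. */
void copy_record_name_unchecked(struct rule_model *r, const char *file_path)
{
    strcpy(r->record_name, file_path + 1);
}

/* Hardened copy: measure first and reject anything that would not fit.
 * Returns 0 on success, -1 when the name is empty or longer than MAXLEN_PATH. */
int copy_record_name_checked(struct rule_model *r, const char *file_path)
{
    size_t name_len = strlen(file_path + 1);
    if (name_len == 0 || name_len > MAXLEN_PATH)
        return -1;                   /* would overrun record_name */
    memcpy(r->record_name, file_path + 1, name_len + 1);
    return 0;
}

static int sentinel_record(const char *msg) { (void)msg; return 0; }

/* Builds a constructed file_path (one prefix byte plus an n-byte name), runs
 * the checked copy and returns 1 if accepted, 0 if rejected, -1 if record_func
 * changed, which the checked copy must never allow. */
int probe_checked_copy(size_t n)
{
    static char file_path[MAXLEN_CFG_LINE + 2];
    struct rule_model r = { .record_func = sentinel_record };
    if (n + 1 > MAXLEN_CFG_LINE) return -1;  /* exceeds a config line */
    file_path[0] = '$';              /* prefix byte that the +1 skips (constructed) */
    memset(file_path + 1, 'A', n);
    file_path[n + 1] = '\0';
    int rc = copy_record_name_checked(&r, file_path);
    if (r.record_func != sentinel_record) return -1;
    return rc == 0 ? 1 : 0;
}
```

A name of exactly `MAXLEN_PATH` bytes is still accepted; anything longer, up to a full config line, is rejected before a single byte is written.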
**Recommendations**
For zlog versions 1.1.0 through 1.2.17, as a temporary workaround, consider disabling the `zlog_rule_new()` function until a patch is available. Restrict access to the `zlog_rule_s` structure to minimize the risk of exploitation. Avoid overly long strings for user-defined outputs in configuration files, since these are the values that reach the unchecked copy. At the moment, there is no information about a newer version that contains a fix for this vulnerability.