Arthurscchan

**Name of the Vulnerable Software and Affected Versions** PJSIP versions prior to 2.17 **Description** PJSIP, a multimedia communication library written in C, contains a heap use-after-free issue within its event subscription framework, specifically in the `evsub.c` file. This issue is triggered by a presence unsubscription request—a SUBSCRIBE request with an Expires value of 0. Successful exploitation could lead to a crash or potentially code execution. **Recommendations** Update to version 2.17 or later.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions 2.16 and below **Description** PJSIP, a multimedia communication library written in C, contains a Heap-based Buffer Overflow vulnerability in its H.264 unpacketizer. The issue arises when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL unit size field without verifying that both bytes are within the payload buffer boundaries. This affects applications receiving video using H.264. The vulnerability allows remote attackers to potentially crash applications or execute code without authentication. **Recommendations** Upgrade to version 2.17 or later.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions prior to 2.17 **Description** PJSIP, a multimedia communication library, contains a heap buffer underflow issue in its H.264 packetizer. This occurs when processing H.264 bitstreams lacking NAL unit start codes, leading to unchecked pointer arithmetic and potential memory access outside the allocated buffer. Exploitation of this issue, through malformed H.264 video sent over a network, can result in crashes or code execution. **Recommendations** Upgrade to version 2.17 or later.

**Name of the Vulnerable Software and Affected Versions** PowSyBl versions prior to 6.7.2 **Description** The issue is a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the PowSyBl's DataSource mechanism. This vulnerability can be exploited when the `listNames(String regex)` method is called on a DataSource with a user-supplied regular expression, allowing a malicious actor to cause significant CPU consumption due to regex backtracking. The attack requires control over the regex input and influence over the file/resource names being matched. In a multi-tenant environment, this can degrade the performance and availability of the server, affecting other users of the application. **Recommendations** For versions prior to 6.7.2, update to com.powsybl:powsybl-commons:6.7.2 or higher to patch the vulnerability. As a temporary workaround, consider restricting access to the `listNames(String regex)` method or validating user-supplied regular expressions to minimize the risk of exploitation. Avoid using unvalidated user-supplied regular expressions in the `listNames(String regex)` method until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: com.powsybl:powsybl-iidm-criteria versions 6.3.0 through 6.7.1 com.powsybl:powsybl-contingency-api versions 5.0.0 through 5.0.0 Description: The issue is a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the RegexCriterion class. This class compiles and evaluates an unvalidated, user-supplied regular expression against the identifier of an Identifiable object via Pattern.compile(regex).matcher(id).find(). If successfully exploited, a malicious actor can cause significant CPU exhaustion through repeated or recursive filter(...) calls — especially if performed over large network models or filtering operations. Recommendations: For com.powsybl:powsybl-iidm-criteria versions 6.3.0 through 6.7.1, update to version 6.7.2 or higher. For com.powsybl:powsybl-contingency-api versions 5.0.0, update to a version higher than 5.0.0, however, the exact fixed version for this component is not specified. As a temporary workaround, consider restricting the use of the RegexCriterion class until a patch is available. Avoid using untrusted regular expressions and potentially attacker-controlled identifiers in the RegexCriterion class to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PowSyBl versions prior to 6.7.2 **Description** The issue concerns an XML external entity (XXE) attack and a server-side request forgery (SSRF) attack in certain places of powsybl-core XML parsing. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive files on the system. The vulnerable class is `com.powsybl.commons.xml.XmlReader`, which is considered untrusted in use cases where untrusted users can submit their XML to the vulnerable methods. This can be a multi-tenant application that hosts many different users, perhaps with different privilege levels. **Recommendations** For versions prior to 6.7.2, update to com.powsybl:powsybl-commons: 6.7.2 or higher to patch the issue. As a temporary workaround, consider restricting access to the `com.powsybl.commons.xml.XmlReader` class to minimize the risk of exploitation. Avoid allowing untrusted users to import untrusted CGMES or XIIDM network files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PowSyBl versions 6.3.0 through 6.7.1 **Description** The issue is a deserialization problem in the `read` method of the `SparseMatrix` class, which can lead to various privilege escalations depending on the circumstances. This method takes an `InputStream` and returns a `SparseMatrix` object. Users are vulnerable if they import non-controlled serialized `SparseMatrix` objects. This can be particularly problematic in multi-tenant applications where users with different privilege levels can submit an `InputStream` to be parsed into a `SparseMatrix`, or when using the method for a local tool with `InputStream` from external sources. **Recommendations** For versions 6.3.0 through 6.7.1, consider updating to com.powsybl:powsybl-math:6.7.2 or higher to resolve the issue. As a temporary workaround, do not use `SparseMatrix` deserialization (`SparseMatrix.read(...)` methods) until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** @festify/secure-session versions prior to 7.3.0 **Description** The issue exists in the session removal process of @festify/secure-session. When a session is deleted, it is marked for deletion, but if an attacker gains access to the cookie, they could keep using it forever. The plugin creates a secure stateless cookie session for Fastify, encrypting data in the session with a secret key and attaching the ciphertext as a cookie value. When an encrypted cookie with a matching session name is provided with subsequent requests, it decrypts the ciphertext to get the data and creates a new session. **Recommendations** For versions prior to 7.3.0, update to version 7.3.0 to resolve the issue. As a temporary workaround, consider including a "last update" field in the session and treat "old sessions" as expired. Make sure to configure your cookie as "http only" to minimize the risk of exploitation.