Awen-Lio

**Name of the Vulnerable Software and Affected Versions** NumPy version 1.9.x **Description** A Buffer Overflow issue exists in the PyArray NewFromDescr int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. The vendor does not agree this is an issue; in very limited circumstances, a user may be able to provoke the buffer overflow, and the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Pyo versions prior to 1.03 **Description** The issue allows attackers to conduct Denial of Service attacks by arbitrarily constructing an overlong `client name` or server name in the `Server jack init` function. This enables attackers to cause a buffer overflow, leading to a denial of service. **Recommendations** For versions prior to 1.03, consider disabling the `Server jack init` function until a patch is available to prevent exploitation. Restrict access to the function to minimize the risk of denial of service attacks. Avoid using overlong `client name` or server names in the affected function to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Pyo versions prior to 1.03 **Description** A Buffer Overflow issue exists in the Server debug function, allowing remote attackers to conduct Denial of Service (DoS) attacks by passing an overlong audio file name. **Recommendations** For versions prior to 1.03, as a temporary workaround, consider disabling the Server debug function until a patch is available. Restrict access to the Server debug function to minimize the risk of exploitation. Avoid using overlong audio file names in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** cvxopt version 1.2.6 and earlier **Description** The issue is related to an incomplete string comparison vulnerability in certain APIs, specifically `cvxopt.cholmod.diag`, `cvxopt.cholmod.getfactor`, `cvxopt.cholmod.solve`, and `cvxopt.cholmod.spsolve`. This vulnerability allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects. **Recommendations** For versions 1.2.6 and earlier, consider disabling the use of the vulnerable APIs (`cvxopt.cholmod.diag`, `cvxopt.cholmod.getfactor`, `cvxopt.cholmod.solve`, and `cvxopt.cholmod.spsolve`) until a patch is available. Restrict access to these APIs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.