Bwoodsend

**Name of the Vulnerable Software and Affected Versions** bwoodsend rockhopper versions up to 0.1.2 **Description** A critical issue has been found in the Binary Parser component, specifically in the `count rows` function of the `rockhopper/src/ragged array.c` file. The manipulation of the `raw` argument leads to a buffer overflow. Local access is required to exploit this issue. Upgrading to version 0.2.0 addresses this issue. **Recommendations** For bwoodsend rockhopper versions up to 0.1.2, upgrade to version 0.2.0 to address the issue. As a temporary workaround, consider restricting access to the `count rows` function in the Binary Parser component until the upgrade is applied.

Name of the Vulnerable Software and Affected Versions: UltraJSON (aka ujson) versions 1.34 through 5.1.0 Description: The issue is a stack-based buffer overflow in `Buffer AppendIndentUnchecked`, which is called from `encode`. This can be exploited, for example, by using a large amount of indentation. There is a dispute regarding the confirmation of this finding, with some third parties arguing that the issue is not a confirmed vulnerability due to a change in the AFLplusplus project. Recommendations: For versions 1.34 through 5.1.0, consider disabling the `Buffer AppendIndentUnchecked` function or restricting its use until a patch is available. As a temporary workaround, avoid using excessive indentation in the `encode` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.