Chamal

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.4.51 and earlier **Description** A carefully crafted request body can cause a buffer overflow in the mod lua multipart parser, specifically when the `r:parsebody()` function is called from Lua scripts. The Apache httpd team is not aware of an exploit for this issue, though it might be possible to craft one. This can potentially allow a remote attacker to execute arbitrary code by sending a specially formed HTTP request. **Recommendations** For Apache HTTP Server versions 2.4.51 and earlier, consider disabling the mod lua module or restricting its use until a patch is available. As a temporary workaround, avoid using the `r:parsebody()` function in Lua scripts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ruby versions prior to 2.7.5 Ruby versions 3.x prior to 3.0.3 CGI gem versions prior to 0.3.1 **Description** The issue is caused by an integer overflow and resultant buffer overflow in the CGI.escape html function when a long string is passed to it on platforms where size t and long have different numbers of bytes, such as Windows. This can lead to a buffer overrun when a user passes a very large string to CGI.escape html. The exploitation of this issue may allow a remote attacker to execute arbitrary code in the target system. **Recommendations** For Ruby versions prior to 2.7.5, update to version 2.7.5 or later. For Ruby versions 3.x prior to 3.0.3, update to version 3.0.3 or later. For CGI gem versions prior to 0.3.1, update to version 0.3.1 or later. As a temporary workaround, consider restricting the input size to CGI.escape html to prevent buffer overflows until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 30.0.1599.66 **Description** A use-after-free issue exists in the PepperInProcessRouter::SendToHost function, which is part of the Pepper Plug-in API (PPAPI) in Google Chrome. This issue can be exploited by remote attackers via vectors involving a resource-destruction message, potentially causing a denial of service or having other unspecified impacts. **Recommendations** For versions prior to 30.0.1599.66, update to version 30.0.1599.66 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Pepper Plug-in API until a patch is applied.