
Chris Buccella

#13320 of 53,633
20 CVSS total
Vulnerabilities · 2
High · 2
PT-2010-3559
10
2010-06-14
Sblim · Sblim-Sfcb · CVE-2010-1937
**Name of the Vulnerable Software and Affected Versions**
SBLIM SFCB versions prior to 1.3.8

**Description**
A heap-based buffer overflow issue exists, potentially allowing remote attackers to execute arbitrary code. This is achieved by specifying a Content-Length HTTP header value that is too small for the amount of POST data sent.

**Recommendations**
For versions prior to 1.3.8, update to version 1.3.8 or later to resolve the issue.

PT-2010-3673
10
2010-06-14
Sblim · Sblim-Sfcb · CVE-2010-2054
**Name of the Vulnerable Software and Affected Versions**
SBLIM SFCB versions 1.3.4 through 1.3.7

**Description**
The issue is related to an integer overflow in the httpAdapter.c component of SBLIM SFCB. This occurs when the configuration sets httpMaxContentLength to a zero value, allowing remote attackers to potentially cause a denial of service or execute arbitrary code by sending a large integer in the Content-Length HTTP header.

**Recommendations**
For SBLIM SFCB versions 1.3.4 through 1.3.7, consider setting a non-zero value for httpMaxContentLength to prevent exploitation. Additionally, as a temporary workaround, restrict access to the httpAdapter component until a patch is available.