Cla7Aye15I4Ndo

**Name of the Vulnerable Software and Affected Versions** jq version 1.7.1 **Description** The issue is related to a stack-buffer-overflow in the `decNumberCopy` function within `decNumber.c`. **Recommendations** For jq version 1.7.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Open62541 version 1.4.6 **Description** The issue is related to an assertion failure in the `fuzz binary decode` function, which can cause a crash. **Recommendations** For Open62541 version 1.4.6, consider disabling the `fuzz binary decode` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ntopng version 6.2 **Description** A heap-buffer-overflow issue has been identified in the `Flow::dissectMDNS` function. This issue can potentially lead to a buffer overflow, which may cause the program to crash or execute arbitrary code. **Recommendations** For ntopng version 6.2, consider disabling the `Flow::dissectMDNS` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Assimp version 5.4.3 **Description** A heap-buffer-overflow issue was discovered in the SkipSpacesAndLineEnd function. This occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash. The issue poses a risk of potential remote code execution. **Recommendations** For Assimp version 5.4.3, patch immediately to resolve the issue. Additionally, consider monitoring for exploit development to minimize the risk of exploitation. As a temporary workaround, consider restricting the processing of MD5 model files until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Assimp library (affected versions not specified) **Description** A segmentation fault was detected in the SortByPTypeProcess::Execute function during fuzz testing with AddressSanitizer, caused by a read access to an invalid memory address. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** assimp version 5.4.3 **Description** An issue in the Assimp library allows a local attacker to execute arbitrary code via the `CallbackToLogRedirector` function. This enables the attacker to potentially gain control over the system. **Recommendations** For assimp version 5.4.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `CallbackToLogRedirector` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Assimp library (affected versions not specified) **Description** A heap-buffer-overflow issue has been identified in the OpenDDLParser::parseStructure function within the library, specifically during the processing of OpenGEX files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Assimp version 5.4.3 **Description** The issue is related to a Buffer Overflow that occurs via the `MD5Importer::LoadMD5MeshFile` function. This function is part of the MD5Importer in Assimp. **Recommendations** For Assimp version 5.4.3, as a temporary workaround, consider disabling the `MD5Importer::LoadMD5MeshFile` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta mjs version 2.20.0 **Description** A function pointer hijacking issue was discovered in the `mjs get ptr()` function, allowing attackers to execute arbitrary code via a crafted input. **Recommendations** For version 2.20.0, consider disabling the `mjs get ptr()` function as a temporary workaround until a patch is available.