Cpu

**Name of the Vulnerable Software and Affected Versions** OSSEC-HIDS versions 2.7 through 3.5.0 **Description** The server component responsible for log analysis, ossec-analysisd, is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client. **Recommendations** For OSSEC-HIDS versions 2.7 through 3.5.0, consider restricting access to the ossec-analysisd component until a patch is available. As a temporary workaround, limit the interaction with the rootcheck decoder component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OSSEC-HIDS versions 2.7 through 3.5.0 **Description** The server component responsible for log analysis, ossec-analysisd, is susceptible to an off-by-one heap-based buffer overflow. This occurs during the cleaning of crafted syslog messages received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted. **Recommendations** For OSSEC-HIDS versions 2.7 through 3.5.0, consider disabling the ossec-analysisd component temporarily until a patch is available to prevent potential exploitation of the buffer overflow vulnerability. Restrict access to the analysisd processing queue to minimize the risk of exploitation. Avoid using crafted syslog messages in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OSSEC-HIDS versions 2.7 through 3.5.0 **Description** The server component responsible for log analysis, ossec-analysisd, is vulnerable to a use-after-free during processing of ossec-alert formatted messages received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted. **Recommendations** For OSSEC-HIDS versions 2.7 through 3.5.0, consider disabling the ossec-analysisd component until a patch is available to prevent exploitation of the use-after-free vulnerability. Restrict access to the ossec-remoted component to minimize the risk of receiving malicious ossec-alert formatted messages.

**Name of the Vulnerable Software and Affected Versions** OSSEC-HIDS versions 2.7 through 3.5.0 **Description** The server component responsible for log analysis, ossec-analysisd, is vulnerable to a use-after-free during processing of syscheck formatted msgs. These messages are received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted. **Recommendations** For OSSEC-HIDS versions 2.7 through 3.5.0, consider disabling the ossec-analysisd component temporarily until a patch is available to prevent potential exploitation. Restrict access to the ossec-remoted component to minimize the risk of receiving malicious syscheck formatted msgs.

**Name of the Vulnerable Software and Affected Versions** mastercactapus proxyprotocol versions prior to 0.0.2 mastercactapus caddy-proxyprotocol plugin versions prior to 0.0.2 for Caddy **Description** The issue allows remote attackers to cause a denial of service, resulting in a webserver panic and daemon crash. This can be achieved by sending a crafted HAProxy PROXY v2 request with truncated source/destination address data. The problem occurs when handling invalid HAProxy PROXY v2 requests. **Recommendations** For mastercactapus proxyprotocol versions prior to 0.0.2, update to version 0.0.2 or later to resolve the issue. For mastercactapus caddy-proxyprotocol plugin versions prior to 0.0.2 for Caddy, update to version 0.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `github.com/mastercactapus/proxyprotocol` module to minimize the risk of exploitation.