Ekkosun

**Name of the Vulnerable Software and Affected Versions** rizinorg rizin versions 0.7.4 and earlier **Description** A critical issue affects the function `msf stream directory free` in the library `/librz/bin/pdb/pdb.c`. The manipulation of the argument `-P` leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. **Recommendations** To address this issue, upgrade to version 0.8.0. As a temporary workaround, consider restricting access to the `msf stream directory free` function until a patch is available. Avoid using the argument `-P` in the affected library until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** rizinorg rizin versions up to 0.8.0 **Description** A critical vulnerability was found in rizinorg rizin, affecting the `rz utf8 encode` function in the library `/librz/util/utf8.c`. The manipulation leads to a heap-based buffer overflow. An attack must be approached locally. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, apply a patch to the affected version of rizinorg rizin. As a temporary workaround, consider disabling the `rz utf8 encode` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libarchive versions prior to 3.7.8 **Description** The issue is related to the `list item verbose` function in `tar/util.c`, which does not check the return value of `strftime`. This can lead to a denial of service or other unspecified impact when a crafted TAR archive is read with a verbose value of 2. The problem may occur due to insufficient buffer size, such as the 100-byte buffer, for custom locales. **Recommendations** For versions prior to 3.7.8, update to version 3.7.8 or later to resolve the issue.