Emanuel Almeida

**Name of the Vulnerable Software and Affected Versions** BIND versions 9.15.6 through 9.16.5 BIND versions 9.17.0 through 9.17.3 **Description** The issue is related to the libuv library in the BIND DNS server, which can be exploited by an attacker who can establish a TCP connection with the server and send data on that connection, causing the server to exit due to an assertion failure. This can be triggered by sending a specific set of packets to the TCP port on which the BIND server accepts connections, including large AXFR requests that can cause the libuv library to pass a size to the server that triggers the assertion check and process termination. **Recommendations** For BIND versions 9.15.6 through 9.16.5, update to version 9.16.6 or later. For BIND versions 9.17.0 through 9.17.3, update to version 9.17.4 or later. As a temporary workaround, consider restricting access to the TCP port on which the BIND server accepts connections to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: LOGO! 8 BM (incl. SIPLUS variants) (All versions) Description: A vulnerability has been identified that could allow an attacker to read and modify the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication, no public exploitation of this security vulnerability was known. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.