Evgeny Legerov

**Name of the Vulnerable Software and Affected Versions** Suricata versions prior to 7.0.5 Suricata versions prior to 6.0.19 **Description** The issue is related to a limited buffer overflow in Suricata, a network Intrusion Detection System, Intrusion Prevention System, and Network Security Monitoring engine. Specially crafted traffic or datasets can cause this overflow. Exploitation of the issue may allow a remote attacker to cause a denial of service. Workarounds include not using rules with the `base64 decode` keyword and the `bytes` option with values 1, 2, or 5, and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false. **Recommendations** For versions prior to 7.0.5, update to version 7.0.5 or later. For versions prior to 6.0.19, update to version 6.0.19 or later. As a temporary workaround, consider not using rules with the `base64 decode` keyword and the `bytes` option with values 1, 2, or 5. For 7.0.x, set `app-layer.protocols.smtp.mime.body-md5` to false as a temporary mitigation measure.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 2.11.6 FreeRDP versions prior to 3.5.0 **Description** The issue is related to an out-of-bounds read in the `zgfx decompress segment()` function of the FreeRDP client. This can allow a remote attacker to disclose protected information. **Recommendations** For versions prior to 2.11.6, update to version 2.11.6 to resolve the issue. For versions prior to 3.5.0, update to version 3.5.0 to resolve the issue. As a temporary workaround, consider deactivating the `/gfx` option (on by default) and set `/bpp` or `/rfx` options instead.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 2.11.6 FreeRDP versions prior to 3.5.0 **Description** The issue is related to an out-of-bounds read in the `interleaved decompress()` function of the FreeRDP RDP client. This can allow a remote attacker to disclose protected information. The vulnerability affects FreeRDP based clients using the `/bpp:32` legacy `GDI` drawing path. **Recommendations** For versions prior to 2.11.6, update to version 2.11.6 to resolve the issue. For versions prior to 3.5.0, update to version 3.5.0 to resolve the issue. As a temporary workaround, consider using modern drawing paths, such as the `/rfx` or `/gfx` options, which requires server-side support.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.5.0 FreeRDP versions prior to 2.11.6 **Description** The issue is related to an out-of-bounds read in the FreeRDP client. This can be exploited by a remote attacker to disclose protected information. The vulnerability is associated with the `planar skip plane rle()` function. Additionally, other issues such as out-of-bounds reads in `zgfx decompress segment`, `ncrush decompress`, and `interleaved decompress`, as well as integer overflow and underflow in certain functions, have been identified. **Recommendations** For versions prior to 3.5.0, update to version 3.5.0 to resolve the issue. For versions prior to 2.11.6, update to version 2.11.6 to resolve the issue. As a temporary workaround, consider using `/gfx` or `/rfx` modes, which are enabled by default and require server-side support.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 2.11.6 FreeRDP versions prior to 3.5.0 **Description** The issue is related to an integer overflow and out-of-bounds write in FreeRDP, a free implementation of the Remote Desktop Protocol. This can potentially allow a remote attacker to execute arbitrary code. As a workaround, it is recommended not to use `/gfx` options, which can be deactivated with `/bpp:32` or `/rfx` as it is on by default. **Recommendations** For versions prior to 2.11.6, update to version 2.11.6 to resolve the issue. For versions prior to 3.5.0, update to version 3.5.0 to resolve the issue. As a temporary workaround, consider deactivating the `/gfx` options by using `/bpp:32` or `/rfx` until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.5.0 FreeRDP versions prior to 2.11.6 **Description** The issue is related to out-of-bounds read and integer overflow in functions such as `ncrush decompress()`, `zgfx decompress segment`, `clear decompress residual data`, `nsc rle decode`, `planar skip plane rle`, and `interleaved decompress`. This can allow a remote attacker to execute arbitrary code. No known workarounds are available. **Recommendations** For FreeRDP versions prior to 3.5.0, update to version 3.5.0 to resolve the issue. For FreeRDP versions prior to 2.11.6, update to version 2.11.6 to resolve the issue. As a temporary workaround, consider disabling the `ncrush decompress()` function until a patch is available. Restrict access to the vulnerable modules `zgfx decompress segment`, `clear decompress residual data`, `nsc rle decode`, `planar skip plane rle`, and `interleaved decompress` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.5.0 FreeRDP versions prior to 2.11.6 **Description** The issue is related to an integer underflow in the `nsc rle decode()` function of the FreeRDP client. This can be exploited by a remote attacker to execute arbitrary code. The vulnerability is associated with connections to servers using the `NSC` codec. **Recommendations** For FreeRDP versions prior to 3.5.0, update to version 3.5.0 to resolve the issue. For FreeRDP versions prior to 2.11.6, update to version 2.11.6 to resolve the issue. As a temporary workaround, consider disabling the use of the `NSC` codec (e.g., use `-nsc`) until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.7.1 iPadOS versions prior to 15.7.1 macOS Ventura versions prior to 13 watchOS versions prior to 9.1 iOS versions prior to 16.1 iPadOS versions prior to 16 macOS Monterey versions prior to 12.6.1 macOS Big Sur versions prior to 11.7.1 **Description** The issue allows a user to potentially cause unexpected app termination or arbitrary code execution. **Recommendations** For iOS versions prior to 15.7.1, update to iOS 15.7.1 or later. For iPadOS versions prior to 15.7.1, update to iPadOS 15.7.1 or later. For macOS Ventura versions prior to 13, update to macOS Ventura 13 or later. For watchOS versions prior to 9.1, update to watchOS 9.1 or later. For iOS versions prior to 16.1, update to iOS 16.1 or later. For iPadOS versions prior to 16, update to iPadOS 16 or later. For macOS Monterey versions prior to 12.6.1, update to macOS Monterey 12.6.1 or later. For macOS Big Sur versions prior to 11.7.1, update to macOS Big Sur 11.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Samba (affected versions not specified) **Description** A heap-based buffer overflow issue was found in the GSSAPI unwrap des() and unwrap des3() routines of Heimdal, which is part of the Samba network interaction program. This issue allows a remote user to send specially crafted malicious data, possibly resulting in a denial of service (DoS) attack. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 105.0.5195.125 **Description** The issue is related to a heap buffer overflow in the Internals component of Google Chrome, which could allow a remote attacker to exploit heap corruption via a crafted HTML page. This may impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 105.0.5195.125, update to version 105.0.5195.125 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Exim versions prior to 4.95 **Description** The issue is related to a heap-based buffer overflow in the `host name lookup` function in `host.c` when `sender host name` is set. This can potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 4.95, update to version 4.95 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `sender host name` setting until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Exim versions prior to 4.96 **Description** The issue is related to the use of memory after it has been freed in the pam converse function of the Exim mail server. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The problem arises from an invalid free in pam converse in auths/call pam.c due to the lack of use of store free after store malloc. **Recommendations** For versions prior to 4.96, update to version 4.96 or later to resolve the issue. As a temporary workaround, consider restricting access to the pam converse function in auths/call pam.c to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** zlib versions 1.2.12 and earlier MySQL Server versions 5.7.41 and earlier, 8.0.31 and earlier **Description** The issue is related to a heap-based buffer over-read or buffer overflow in the inflate function of the zlib library, specifically in the inflate.c component. This can be triggered by a large gzip header extra field. Only applications that call `inflateGetHeader` are affected. The exploitation of this issue may allow a remote attacker to execute arbitrary code on the system. It is also noted that some common applications bundle the affected zlib source code but may be unable to call `inflateGetHeader`. **Recommendations** For zlib versions 1.2.12 and earlier, update to a version that includes improved checks to address the heap-based buffer overflow issue. For MySQL Server versions 5.7.41 and earlier, 8.0.31 and earlier, consider restricting access to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the `inflateGetHeader` function in affected applications until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenOffice.org version 3.3 **Description** The issue allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools. **Recommendations** For OpenOffice.org version 3.3, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FRISK Software F-Prot Antivirus versions prior to 4.6.7 **Description** The issue allows user-assisted remote attackers to cause a denial of service, resulting in an infinite loop, via a crafted ACE file. **Recommendations** For versions prior to 4.6.7, update to version 4.6.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Real Networks Helix Server versions prior to 11.1.3 Real Networks Helix Mobile Server versions prior to 11.1.3 Real Networks Helix DNA Server versions 11.0 and 11.1 **Description** A heap-based buffer overflow issue allows remote attackers to cause a denial of service or execute arbitrary code via a DESCRIBE request that contains an invalid `LoadTestPassword` field. **Recommendations** For Real Networks Helix Server versions prior to 11.1.3, update to version 11.1.3 or later. For Real Networks Helix Mobile Server versions prior to 11.1.3, update to version 11.1.3 or later. For Real Networks Helix DNA Server versions 11.0 and 11.1, update to a version later than 11.1.

Name of the Vulnerable Software and Affected Versions: ProFTPD version 1.3.0 and earlier Description: The issue is related to a stack-based buffer overflow in the sreplace function, which can be exploited by remote attackers to cause a denial of service and potentially execute arbitrary code. This can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely. Recommendations: For ProFTPD version 1.3.0 and earlier, update to a version later than 1.3.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ProFTPD versions 1.3.0a and earlier Description: The issue is related to a buffer overflow in the `tls x509 name oneline` function within the mod tls module. This allows remote attackers to execute arbitrary code by providing a large data length argument. The vulnerability can be exploited remotely and may lead to disruption of confidentiality, integrity, and availability of protected information. Recommendations: For ProFTPD versions 1.3.0a and earlier, consider disabling the mod tls module as a temporary workaround until a patch is available. Restrict access to the `tls x509 name oneline` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: XLink Omni-NFS Server version 5.2 Description: A stack-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd). Recommendations: For XLink Omni-NFS Server version 5.2, consider restricting access to the nfsd service on port 2049 until a patch is available. As a temporary workaround, disabling the nfsd service can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GnuPG (gpg) versions 1.4.3 and 1.9.20, and earlier versions **Description** The issue allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow. This can be demonstrated using the --no-armor option. **Recommendations** For GnuPG (gpg) versions 1.4.3 and 1.9.20, and earlier versions, update to a newer version to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.