Eyal Itkin

**Name of the Vulnerable Software and Affected Versions** Valve's Game Networking Sockets versions prior to v1.2.0 **Description** The issue arises from the improper handling of long unreliable segments in the function `SNP ReceiveUnreliableSegment()` when configured to support plain-text messages. This leads to a Heap-Based Buffer Overflow, resulting in memory corruption and possibly even remote code execution. **Recommendations** For versions prior to v1.2.0, update to version v1.2.0 or later to resolve the issue. As a temporary workaround, consider disabling the support for plain-text messages or restricting the use of the `SNP ReceiveUnreliableSegment()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Valve's Game Networking Sockets versions prior to v1.2.0 **Description** The issue arises from the improper handling of long encrypted messages in the `AES GCM DecryptContext::Decrypt()` function when compiled using libsodium. This leads to a Stack-Based Buffer Overflow, resulting in memory corruption and potentially allowing for remote code execution. **Recommendations** For versions prior to v1.2.0, update to version v1.2.0 or later to resolve the issue. As a temporary workaround, consider disabling the `AES GCM DecryptContext::Decrypt()` function until a patch is available. Restrict access to sensitive areas of the program to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Valve's Game Networking Sockets versions prior to v1.2.0 **Description** The issue arises from the improper handling of unreliable segments with negative offsets in the `SNP ReceiveUnreliableSegment()` function, leading to a Heap-Based Buffer Underflow. This results in the `free()` of memory not allocated from the heap, causing memory corruption and potentially allowing for remote code execution. **Recommendations** For versions prior to v1.2.0, update to version v1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `SNP ReceiveUnreliableSegment()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Valve's Game Networking Sockets versions prior to v1.2.0 **Description** The issue arises from improper handling of inlined statistics messages in the `CConnectionTransportUDPBase::Received Data()` function, leading to an exception thrown from `libprotobuf` and resulting in a crash. **Recommendations** For versions prior to v1.2.0, update to version v1.2.0 or later to resolve the issue. As a temporary workaround, consider disabling the `CConnectionTransportUDPBase::Received Data()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows DNS Server versions 2013 through 2019 **Description** A remote code execution issue exists in Windows Domain Name System servers when they fail to properly handle requests. This can be exploited by a remote attacker using a specially crafted DNS request, allowing them to execute arbitrary code. The vulnerability is also known as 'Windows DNS Server Remote Code Execution Vulnerability' and has been present for 17 years, affecting Windows DNS Servers from 2013 to 2019 editions. It is a 'wormable' bug, enabling attackers to launch malware attacks that can spread from one vulnerable computer to another without human interaction. **Recommendations** For Microsoft Windows DNS Server versions 2013 through 2019, apply the patch provided by Microsoft to fix the vulnerability. At the moment, there is no information about other newer versions that contain a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Apache Guacamole versions 1.1.0 and older Description: The issue is related to the mishandling of pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. This can be described as a buffer overflow operation in memory, which may allow an attacker to elevate their privileges and execute arbitrary code. Recommendations: For Apache Guacamole versions 1.1.0 and older, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict access to RDP static virtual channels to minimize the risk of memory corruption. Avoid connecting to untrusted or potentially compromised RDP servers until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apache Guacamole versions 1.1.0 and older **Description** The issue arises from improper validation of data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection. **Recommendations** For Apache Guacamole versions 1.1.0 and older, consider updating to a version that properly validates data from RDP servers to prevent potential information disclosure. As a temporary workaround, restrict connections to trusted RDP servers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Philips Hue Bridge model 2.X prior to and including version 1935144020 **Description** The issue is related to a Heap-based Buffer Overflow that occurs when handling a long ZCL string during the commissioning phase, resulting in remote code execution. This can be exploited using a malicious ZigBee lightbulb to infiltrate a home IoT network. The flaw could allow remote attackers to gain access to the entire WiFi network over-the-air without cracking the password and launch further attacks against other devices connected to the same network. **Recommendations** For Philips Hue Bridge model 2.X prior to and including version 1935144020, update to a version later than 1935144020 to resolve the issue. As a temporary workaround, consider restricting access to the commissioning phase to minimize the risk of exploitation. Avoid using the vulnerable Philips Hue Bridge until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Canon EOS series digital cameras versions 1.0.0 through 2.1.0 Canon EOS 5D MARK III firmware version 1.3.5 and earlier Canon EOS 5D MARK IV firmware version 1.2.0 and earlier Canon EOS 5DS firmware version 1.1.2 and earlier Canon EOS 5DS R firmware version 1.1.2 and earlier Canon EOS 6D firmware version 1.1.8 and earlier Canon EOS 6D MARK II firmware version 1.0.4 and earlier Canon EOS 7D MARK II firmware version 1.1.2 and earlier Canon EOS 70 D firmware version 1.1.2 and earlier Canon EOS 80 D firmware version 1.0.2 and earlier Canon EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier Canon EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier Canon EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier Canon EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier Canon EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier Canon EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier Canon EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier Canon EOS 9000D / EOS 77D firmware version 1.0.2 and earlier Canon EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier Canon EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier Canon EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier Canon EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier Canon EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier Canon EOS R firmware version 1.3.0 and earlier Canon EOS RP firmware version 1.2.0 and earlier Canon EOS RP GOLD firmware version 1.2.0 and earlier Canon EOS M2 firmware version 1.0.3 and earlier Canon EOS M3 firmware version 1.2.0 and earlier Canon EOS M5 firmware version 1.0.1 and earlier Canon EOS M6 firmware version 1.0.1 and earlier Canon EOS M6(China) firmware version 5.0.0 and earlier Canon EOS M10 firmware version 1.1.0 and earlier Canon EOS M100 firmware version 1.0.0 and earlier Canon EOS KISS M / EOS M50 firmware version 1.0.2 and earlier Canon PowerShot SX740 HS firmware version 1.0.1 and earlier Canon PowerShot SX70 HS firmware version 1.1.0 and earlier Canon PowerShot G5Xmark II firmware version 1.0.1 and earlier **Description** A buffer overflow issue exists in the Picture Transfer Protocol (PTP) of Canon EOS series digital cameras. This issue allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via the `notifybtstatus` command. **Recommendations** For each affected version, update the firmware to a version later than the one specified. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Services (affected versions not specified) **Description** A remote code execution issue exists in Remote Desktop Services due to insufficient input validation, allowing an attacker to execute arbitrary code. The vulnerability can be exploited by abusing clipboard redirection. It potentially allows control over the connected RDP client. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rdesktop versions up to and including v1.8.3 **Description** The issue is related to a Heap-Based Buffer Overflow in the `ui clip handle data()` function, which can result in memory corruption and potentially allow for remote code execution. The vulnerability is associated with the implementation of the `ui clip handle data` function in the rdesktop RDP client. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code. **Recommendations** For rdesktop versions up to and including v1.8.3, update to a version later than v1.8.3 to resolve the issue. As a temporary workaround, consider disabling the `ui clip handle data()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** rdesktop versions up to and including v1.8.3 **Description** The issue is related to an Out-Of-Bounds Read in the `process secondary order()` function, which can result in a Denial of Service (segfault). This can be exploited by a remote attacker to cause a disruption in service. The vulnerability is associated with the implementation of the `process secondary order` function in the RDP client. **Recommendations** For rdesktop versions up to and including v1.8.3, consider applying a patch or update when available to fix the Out-Of-Bounds Read issue in the `process secondary order()` function. As a temporary workaround, restrict access to the `process secondary order()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rdesktop versions up to and including v1.8.3 **Description** The issue is related to a Heap-Based Buffer Overflow in the `process plane()` function, which can result in memory corruption and potentially allow for remote code execution. The vulnerability in the `process plane` function implementation of the RDP client rdesktop is associated with a buffer overflow, and its exploitation may allow a remote attacker to execute arbitrary code. **Recommendations** For rdesktop versions up to and including v1.8.3, consider disabling the `process plane()` function as a temporary workaround until a patch is available. Restrict access to the RDP client to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** rdesktop versions up to and including v1.8.3 **Description** The issue is related to the implementation of the `cssp read tsrequest` function in the RDP client, which is associated with an out-of-bounds memory read. This can be exploited by a remote attacker to cause a denial of service, resulting in a crash. **Recommendations** For rdesktop versions up to and including v1.8.3, consider disabling the `cssp read tsrequest` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** rdesktop versions up to and including v1.8.3 **Description** The issue is related to an Out-Of-Bounds Read in the `process bitmap updates()` function, which can result in a Denial of Service (segfault). This can be exploited by a remote attacker to cause a disruption in service. The vulnerability is associated with a memory boundary read error in the implementation of the `process bitmap updates()` function in the rdesktop RDP client. **Recommendations** For rdesktop versions up to and including v1.8.3, consider applying a patch or update when available to fix the `process bitmap updates()` function issue. As a temporary workaround, consider restricting access to the `process bitmap updates()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** rdesktop versions up to and including v1.8.3 **Description** The issue is related to an Out-Of-Bounds Read in the `rdpsnd process ping()` function, which results in an information leak. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For versions up to and including v1.8.3, consider disabling the `rdpsnd process ping()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** rdesktop versions up to and including v1.8.3 **Description** The issue is related to an Integer Overflow in the `process bitmap updates()` function, leading to a Heap-Based Buffer Overflow, which results in memory corruption and potentially allows for remote code execution. The vulnerability can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For versions up to and including v1.8.3, update to a version later than v1.8.3 to resolve the issue. As a temporary workaround, consider disabling the `process bitmap updates()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** rdesktop versions up to and including v1.8.3 **Description** The issue is related to an Integer Overflow in the `process bitmap updates()` function, leading to an Out-Of-Bounds Write and resulting in memory corruption. This could potentially allow for remote code execution. The vulnerability is associated with the implementation of the `process bitmap updates` function in the RDP client. **Recommendations** For rdesktop versions up to and including v1.8.3, consider disabling the `process bitmap updates()` function as a temporary workaround until a patch is available. Restrict access to the RDP client to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rdesktop versions up to and including v1.8.3 **Description** The issue is related to a heap-based buffer overflow in the `cssp read tsrequest()` function of the RDP client. This can lead to memory corruption and potentially allow a remote attacker to execute arbitrary code. **Recommendations** For versions up to and including v1.8.3, update to a version that contains a fix for this issue to prevent potential remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rdesktop versions up to and including v1.8.3 **Description** The issue is related to an Out-Of-Bounds Read in the `rdpdr process()` function, which results in an information leak. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For versions up to and including v1.8.3, consider disabling the `rdpdr process()` function as a temporary workaround until a patch is available. Restrict access to the RDP client to minimize the risk of exploitation.