Fcorleone

**Name of the Vulnerable Software and Affected Versions** FISCO-BCOS version release-3.0.0-rc2 **Description** The issue allows a malicious node to cause normal nodes to stop producing new blocks and processing new clients' requests by sending an invalid proposal with an invalid header. **Recommendations** For FISCO-BCOS version release-3.0.0-rc2, as a temporary workaround, consider restricting the ability of malicious nodes to send invalid proposals until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FISCO-BCOS version release-3.0.0-rc2 **Description** The issue allows a malicious node to trigger an integer overflow, resulting in a Denial of Service (DoS) via an unusually large `viewchange` message packet. **Recommendations** For FISCO-BCOS version release-3.0.0-rc2, consider restricting the size of `viewchange` message packets to prevent unusually large packets from causing an integer overflow and subsequent Denial of Service (DoS).

**Name of the Vulnerable Software and Affected Versions** FISCO-BCOS version 3.0.0-rc2 **Description** The issue allows a malicious node to cause normal nodes to change view excessively and stop generating blocks by sending a malicious viewchange packet. **Recommendations** For FISCO-BCOS version 3.0.0-rc2, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: FISCO-BCOS version 2.7.2 Description: The blockchain node in FISCO-BCOS may have a bug when dealing with unformatted packets, leading to a crash. A malicious node can send a packet continuously in an incorrect format that cannot be decoded by the node correctly, causing the node to consume memory sustainably and crash. Recommendations: For FISCO-BCOS version 2.7.2, consider updating to a newer version that contains a fix for this issue, as the current version may be prone to crashes due to incorrectly formatted packets. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a SEGV in the `pbc pattern pack` function in pattern.c. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a SEGV in the `set field one` function in bootstrap.c when making a query. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a SEGV in the `pbc pattern set default` function in pattern.c. **Recommendations** For versions prior to 2017-03-02, consider restricting access to the `pbc pattern set default` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a SEGV in the `pbc rmessage message` function in rmessage.c. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a allows a buffer over-read to occur in the `pbc wmessage string` function within `wmessage.c`, specifically for `PTYPE ENUM`. **Recommendations** For versions prior to 2017-03-02, update to a version released after 2017-03-02 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a NULL pointer dereference in the `pbc wmessage string` function within wmessage.c. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue was discovered in libpbc.a. A use-after-free can occur in the ` pbcM sp query` function in map.c. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a SEGV in the `wiretype decode` function in `context.c`. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** cloudwu PBC versions prior to 2017-03-02 **Description** An issue in libpbc.a can cause a SEGV in the set field one function in bootstrap.c during a memcpy operation. **Recommendations** For versions prior to 2017-03-02, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** aubio version 0.4.6 **Description** An issue was discovered in aubio where a buffer over-read can occur in the `new aubio pitchyinfft` function in `pitch/pitchyinfft.c`. This issue is demonstrated by aubionotes and can occur when the samplerate of the input file is larger than 50kHz. **Recommendations** For aubio version 0.4.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aubio version 0.4.6 **Description** An issue was discovered in aubio where a SEGV signal can occur in the `aubio source avcodec readframe` function in `io/source avcodec.c`, as demonstrated by aubiomfcc. **Recommendations** For aubio version 0.4.6, consider disabling the `aubio source avcodec readframe` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** aubio version 0.4.6 **Description** An issue was discovered in aubio where a SEGV signal can occur in `aubio pitch set unit` in `pitch/pitch.c`, as demonstrated by aubionotes. **Recommendations** For aubio version 0.4.6, consider disabling the `aubio pitch set unit` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** THULAC through 2018-02-25 **Description** An issue in libthulac.so allows a NULL pointer dereference to occur in the BasicModel class, which is defined in include/cb model.h. **Recommendations** For versions through 2018-02-25, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** THULAC through 2018-02-25 **Description** An issue was discovered in libthulac.so, where "operator delete" is used with "operator new[]" in the `TaggingLearner` class in include/cb tagging learner.h, possibly leading to memory corruption. **Recommendations** For THULAC through 2018-02-25, consider updating to a version that fixes the memory corruption issue in the `TaggingLearner` class. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** THULAC through 2018-02-25 **Description** An issue in libthulac.so can cause a SEGV in NGramFeature::find bases, located in include/cb ngram feature.h. **Recommendations** For versions of THULAC through 2018-02-25, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** THULAC through 2018-02-25 **Description** A heap-based buffer over-read issue can occur in the NGramFeature::find bases function, located in include/cb ngram feature.h, within the libthulac.so library of THULAC. **Recommendations** For versions of THULAC through 2018-02-25, at the moment, there is no information about a newer version that contains a fix for this issue.