Fermin J. Serna

**Name of the Vulnerable Software and Affected Versions** U-Boot versions through 2022.04 U-Boot versions through 2022.07-rc2 **Description** The issue is related to the `nfs lookup reply` function in `net/nfs.c`, which is part of the U-Boot bootloader for Linux-based embedded operating systems. It involves a buffer copy operation without proper input size validation, potentially leading to a buffer overflow. This could allow an attacker to execute arbitrary code. **Recommendations** For U-Boot versions through 2022.04, update to a version that includes a correct fix for the issue. For U-Boot versions through 2022.07-rc2, update to a version that includes a correct fix for the issue. As a temporary workaround, consider restricting access to the `nfs lookup reply` function in `net/nfs.c` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** dnsmasq versions prior to 2.78 **Description** The issue is related to a memory leak that can be triggered when specific options such as `--add-mac`, `--add-cpe-id`, or `--add-subnet` are used. This allows remote attackers to cause a denial of service by consuming memory through vectors involving DNS response creation. **Recommendations** For dnsmasq versions prior to 2.78, update to version 2.78 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `--add-mac`, `--add-cpe-id`, and `--add-subnet` options until the update is applied.

**Name of the Vulnerable Software and Affected Versions** dnsmasq versions prior to 2.78 **Description** The issue is caused by an integer underflow in the `add pseudoheader` function of the Dnsmasq DNS server when the `--add-mac`, `--add-cpe-id`, or `--add-subnet` option is specified. This allows a remote attacker to cause a denial of service via a specially crafted DNS request. **Recommendations** For versions prior to 2.78, update to version 2.78 or later to resolve the issue. As a temporary workaround, consider disabling the `add pseudoheader` function or avoiding the use of the `--add-mac`, `--add-cpe-id`, or `--add-subnet` options until a patch is available.

**Name of the Vulnerable Software and Affected Versions** dnsmasq versions prior to 2.78 **Description** The issue is related to deficiencies in handling forwarded DHCPv6 requests, which can be exploited by a remote attacker to disclose sensitive information by injecting special elements into a command. This can allow remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. **Recommendations** For versions prior to 2.78, update to version 2.78 or later to resolve the issue. As a temporary workaround, consider restricting access to the DHCPv6 relay functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Dnsmasq versions prior to 2.78 **Description** The issue is caused by a heap-based buffer overflow in the dynamic memory of the DNS server. This can be exploited by a remote attacker using a specially crafted IPv6 request, potentially allowing them to cause a denial of service or execute arbitrary code. **Recommendations** For versions prior to 2.78, update to version 2.78 or later to resolve the issue. As a temporary workaround, consider restricting access to the DNS server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** dnsmasq versions prior to 2.78 **Description** The issue is a heap-based buffer overflow that can be triggered by a crafted DNS response, allowing remote attackers to cause a denial of service or execute arbitrary code. This can occur due to a missing bounds check in the `do rfc1035 name` function of `util.c`, potentially leading to an out of bounds write. The exploitation of this issue does not require user interaction and can result in remote code execution, denial of service, or an out of memory situation. **Recommendations** For versions prior to 2.78, update to version 2.78 or later to resolve the issue. As a temporary workaround, consider restricting DNS response processing to minimize the risk of exploitation. Avoid using the `do rfc1035 name` function in `util.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** dnsmasq versions prior to 2.78 **Description** The issue is caused by a stack-based buffer overflow in the DNS server. It can be exploited by a remote attacker using a specially crafted DHCPv6 request, potentially leading to a denial of service or the execution of arbitrary code. **Recommendations** For versions prior to 2.78, update to version 2.78 or later to resolve the issue. As a temporary workaround, consider restricting access to the DHCPv6 service to minimize the risk of exploitation.

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420.

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8 Apple TV versions prior to 7 **Description** The issue is related to improper validation of IODataQueue object metadata in IOKit. This allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields. **Recommendations** For Apple iOS versions prior to 8, update to version 8 or later. For Apple TV versions prior to 7, update to version 7 or later.

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421.

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 11 **Description** The issue is related to memory corruption, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This is due to improper access to objects in memory, which could corrupt memory and enable an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 6 through 11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 7 through 10 **Description** The Protected Mode feature in Microsoft Internet Explorer does not properly implement the Integrity Access Level protection mechanism. This allows remote attackers to obtain medium-integrity privileges by leveraging access to a low-integrity process. An elevation of privilege issue exists in the way Internet Explorer handles process integrity level assignment in specific cases, which could allow arbitrary code to execute with elevated privileges. **Recommendations** For Microsoft Internet Explorer versions 7 through 10, update to a version that properly implements the Integrity Access Level protection mechanism to prevent elevation of privilege attacks.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iTunes versions prior to 11.0.3 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. **Recommendations** For Apple iTunes versions prior to 11.0.3, update to version 11.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 9 through 10 **Description** A use-after-free issue allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that was not properly initialized or is deleted. This may corrupt memory, enabling an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 9 and 10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glibc versions prior to 2.23 **Description** The issue is related to multiple stack-based buffer overflows in the send dg and send vc functions of the libresolv library in glibc. This can be exploited by a remote attacker to cause a denial of service or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF UNSPEC or AF INET6 address family. The exploitation may involve sending specially crafted DNS queries, leading to a buffer overflow condition. **Recommendations** For glibc versions prior to 2.23, update to version 2.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable libresolv library or disabling the use of the send dg and send vc functions until a patch is available. Additionally, avoid using the getaddrinfo function with the AF UNSPEC or AF INET6 address family in the affected API endpoints until the issue is resolved.