Han0Nly

**Name of the Vulnerable Software and Affected Versions** radare2 versions prior to 5.7.0 **Description** The issue is a null pointer dereference in the libr/bin/format/mach0/mach0.c file of radare2. It is likely to be exploitable. The problem is related to a heap buffer overflow, for which a more general description can be found in the CWE definition. **Recommendations** For versions prior to 5.7.0, update to version 5.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable mach0.c file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** radare2 versions prior to 5.6.8 **Description** The issue is related to improper validation of array index, which can lead to a heap overflow and may be exploitable. This is a type of heap buffer overflow. **Recommendations** For versions prior to 5.6.8, update to version 5.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable function until a patch is available. Avoid using the vulnerable array index in the affected code until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** radare2 versions prior to 5.6.8 **Description** The issue is related to an out-of-bounds write in the libr/bin/format/ne/ne.c file, which can cause a heap buffer overflow. This may be exploitable. The heap buffer overflow occurs when more data is written to a buffer than it is designed to hold, causing extra data to spill over into adjacent areas of memory. **Recommendations** For versions prior to 5.6.8, update to version 5.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable `ne.c` file in the `libr/bin/format/ne` directory until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** radare2 versions prior to 5.8.6 **Description** A heap buffer overflow issue exists in the libr/bin/format/mach0/mach0.c file of the radare2 GitHub repository. This issue is likely exploitable, especially when the address sanitizer is disabled during compilation, allowing the program to execute into the `r str ncpy` function. **Recommendations** For versions prior to 5.8.6, update to version 5.8.6 or later to resolve the issue. As a temporary workaround, consider enabling the address sanitizer during compilation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Junrar versions prior to 7.4.1 **Description** A carefully crafted RAR archive can trigger an infinite loop while extracting the archive. The impact depends on how the application uses the library and whether files can be provided by malignant users. **Recommendations** For versions prior to 7.4.1, upgrade to version 7.4.1 as soon as possible, as there are no known workarounds for this issue.

**Name of the Vulnerable Software and Affected Versions** iText version 7.1.17 **Description** A stack-based buffer overflow was discovered in the component `ByteBuffer.append`, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. **Recommendations** For iText version 7.1.17, consider disabling the `ByteBuffer.append` component until a patch is available to prevent potential Denial of Service (DoS) attacks.