Haoxin Tu

**Name of the Vulnerable Software and Affected Versions** symisc UnQLite versions up to 957c377cb691a4f617db9aba5cc46d90425071e2 **Description** A critical vulnerability was found in symisc UnQLite, affecting the `jx9MemObjStore` function in the `/data/src/benchmarks/unqlite/unqlite.c` file. This issue leads to a heap-based buffer overflow. The attack can be launched on the local host. The exploit has been publicly disclosed. **Recommendations** For versions up to 957c377cb691a4f617db9aba5cc46d90425071e2, as a temporary workaround, consider disabling the `jx9MemObjStore` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QuickJS versions up to 0.8.0 **Description** A stack-based buffer overflow issue was found in the JS GetRuntime function of the quickjs.c file in the qjs component. This issue can be exploited remotely, leading to a buffer overflow on the stack. The problem is declared as problematic. Upgrading to version 0.9.0 can address this issue. **Recommendations** For QuickJS versions up to 0.8.0, upgrade to version 0.9.0 to address the issue. As a temporary workaround, consider restricting access to the JS GetRuntime function until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils versions 2.43 through 2.44 **Description** A memory leak issue has been identified, affecting the `display info` function of the `binutils/bucomm.c` file in the `objdump` component. This issue can be exploited locally, leading to a memory leak. The exploit has been publicly disclosed. **Recommendations** For GNU Binutils versions 2.43 through 2.44, apply the patch named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d to fix this issue. As a temporary workaround, consider restricting access to the `display info` function of the `objdump` component until the patch is applied.