Hartwork

**Name of the Vulnerable Software and Affected Versions** libexpat versions prior to 2.8.2 **Description** The software lacks handler call depth tracking when specific functions are called from within handlers during a policy violation. This can lead to a use-after-free condition, which occurs when a program continues to use a pointer after it has been freed. The affected functions are `XML GetBuffer()`, `XML Parse()`, `XML ParseBuffer()`, `XML ParserFree()`, and `XML ParserReset()`. **Recommendations** Update to version 2.8.2 or later.

**Name of the Vulnerable Software and Affected Versions** libexpat versions prior to 2.8.1 **Description** The computational complexity of attribute name collision checks allows a denial of service when processing moderately sized crafted XML input. **Recommendations** Update to version 2.8.1 or later.

**Name of the Vulnerable Software and Affected Versions** uriparser versions prior to 1.0.2 **Description** The function family `EqualsUri()` can misclassify two unequal URIs as equal. **Recommendations** Update to version 1.0.2 or later. As a temporary workaround, restrict the use of the `EqualsUri()` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** uriparser versions prior to 1.0.2 **Description** The software contains pointer difference truncation to int in various locations. **Recommendations** Update to version 1.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** libexpat versions prior to 2.7.5 **Description** The software contains a flaw where parsing DTD content can lead to an infinite loop. **Recommendations** Update libexpat to version 2.7.5 or later.

**Name of the Vulnerable Software and Affected Versions** libexpat versions prior to 2.7.4 **Description** The issue resides in the `XML ExternalEntityParserCreate` function. It does not properly copy user data for unknown encoding handlers, potentially leading to memory corruption. Reports indicate a critical impact on Linux distributions and applications, with the possibility of Remote Code Execution (RCE). The issue is described as an XML External Entity (XXE) flaw. **Recommendations** Versions prior to 2.7.4 should be updated to version 2.7.4 or later.

**Name of the Vulnerable Software and Affected Versions** libexpat versions prior to 2.7.5 **Description** The software contains a flaw where a NULL pointer dereference can occur when processing empty external parameter entity content. **Recommendations** Update to version 2.7.5 or later.

**Name of the Vulnerable Software and Affected Versions** Biopython versions prior to 1.87 **Description** Bio.Entrez in Biopython allows doctype XML External Entity (XXE), which is a technique where an XML parser is tricked into processing external entities within a document type definition, potentially leading to unauthorized access to local files or server-side request forgery. **Recommendations** Update to version 1.87.

**Name of the Vulnerable Software and Affected Versions** libexpat versions prior to 2.6.4 **Description** The issue is related to the `XML ResumeParser` function in the libexpat library, which can cause a crash due to insufficient checking of unusual or exceptional states. This can be exploited by a remote attacker to cause a denial of service. The `XML StopParser` function can stop or suspend an unstarted parser, leading to the crash. **Recommendations** For libexpat versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. As a temporary workaround, consider disabling the `XML ResumeParser` function until a patch is available. Restrict access to the `XML StopParser` function to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: uriparser versions 0.9.7 and earlier Description: The issue is related to an integer overflow in the ComposeQueryMallocExMm function in UriQuery.c, which can be triggered by a long string. This can potentially allow a remote attacker to execute arbitrary code. Recommendations: For uriparser versions 0.9.7 and earlier, consider applying a patch or update when available to fix the integer overflow issue in the ComposeQueryMallocExMm function. As a temporary workaround, consider restricting input to prevent long strings from being processed by the ComposeQueryMallocExMm function until a patch is available.

Name of the Vulnerable Software and Affected Versions: uriparser versions 0.9.7 and earlier Description: An issue in the ComposeQueryEngine function of UriQuery.c in uriparser is related to an integer overflow, which can occur via long keys or values and result in a buffer overflow. This can potentially allow a remote attacker to execute arbitrary code or cause a denial of service. Recommendations: For uriparser versions 0.9.7 and earlier, consider disabling the ComposeQueryEngine function in UriQuery.c as a temporary workaround until a patch is available. Restrict exposure to the vulnerable function to minimize the risk of exploitation. Apply available patches to fix the integer overflow issue. Limit the use of long keys or values in the affected function to prevent buffer overflow.

**Name of the Vulnerable Software and Affected Versions** libexpat versions 2.4.9 and earlier **Description** The issue is related to a use-after-free vulnerability in the `XML ExternalEntityParserCreate` function of the libexpat XML parsing library. This vulnerability can be exploited by a remote attacker to cause a denial of service. The vulnerability occurs due to the overeager destruction of a shared DTD in out-of-memory situations. It may also lead to remote code execution with no additional execution privileges needed, and user interaction is not required for exploitation. **Recommendations** For libexpat versions 2.4.9 and earlier, update to a version later than 2.4.9 to resolve the issue. As a temporary workaround, consider disabling the `XML ExternalEntityParserCreate` function until a patch is available. Restrict access to the vulnerable library to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** uriparser versions prior to 0.9.6 **Description** The issue is related to the use of memory after it has been freed, which can be exploited by a remote attacker to cause a denial of service. It performs invalid free operations in `uriFreeUriMembers` and `uriMakeOwner` functions. **Recommendations** For versions prior to 0.9.6, update to version 0.9.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `uriFreeUriMembers` and `uriMakeOwner` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** uriparser versions prior to 0.9.6 **Description** The issue is related to the use of memory after it has been freed, which can be exploited by a remote attacker to cause a denial of service. It performs invalid free operations in the `uriNormalizeSyntax` function. **Recommendations** For versions prior to 0.9.6, update to version 0.9.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `uriNormalizeSyntax` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Expat versions prior to 2.4.3 **Description** The issue is related to an integer overflow in the `doProlog` function of the `xmlparse.c` file in the Expat library. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability exists due to an integer overflow for `m groupSize`. **Recommendations** For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `doProlog` function in `xmlparse.c` until a patch is available. Avoid using the `m groupSize` variable in the affected function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Expat (aka libexpat) versions prior to 2.4.3 **Description** The issue is related to a left shift by 29 (or more) places in the `storeAtts` function in xmlparse.c, which can lead to realloc misbehavior, such as allocating too few bytes or only freeing memory. This can cause a denial of service. Additionally, there is a mention of an integer overflow of `addBinding` in xmlparse.c, which could potentially allow a remote attacker to execute arbitrary code on the system by persuading a victim to open a specially-crafted file. **Recommendations** For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider disabling the `storeAtts` function until a patch is available. Restrict access to specially-crafted files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** git-big-picture versions prior to 1.0.0 **Description** The issue is related to the mishandling of `'` characters in a branch name, which can lead to code execution. **Recommendations** For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of `'` characters in branch names until the update is applied.

**Name of the Vulnerable Software and Affected Versions** USBGuard versions prior to 1.1.0 **Description** The issue is related to an access error in the usbguard-dbus daemon of the USBGuard software, which allows an unprivileged user to connect USB devices. This could enable an attacker to access confidential data, compromise data integrity, and cause a denial of service. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. **Recommendations** For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the usbguard-dbus daemon until a patch is available. Restrict access to the USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** grml-debootstrap versions 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 **Description** The issue arises from the file cmdlineopts.clp in grml-debootstrap, which is sourced without verifying that the local directory is writable by non-root users. **Recommendations** For versions 0.54, update to a version later than 0.54 to resolve the issue. For versions 0.68.x, update to version 0.68.1 or later. For versions 0.7x, update to version 0.78 or later.

**Name of the Vulnerable Software and Affected Versions** DokuWiki versions before 2014-05-05d and before 2014-09-29c **Description** The issue allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the "XMLRPC API". **Recommendations** For versions before 2014-05-05d and before 2014-09-29c, update to a version that properly checks permissions for the ACL plugins to prevent privilege escalation.