Jason Huibin Wong

**Name of the Vulnerable Software and Affected Versions** SourceCodester Phone Contact Manager System version 1.0 **Description** The issue is related to insufficient input validation, which can allow an attacker to execute arbitrary code. It affects the function UserInterface::MenuDisplayStart of the component User Menu, where the manipulation of the `name` argument leads to improper input validation. This requires a local attack. The exploit has been disclosed publicly. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the UserInterface::MenuDisplayStart function until a patch is available. Additionally, avoid manipulating the `name` argument in the User Menu component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Phone Contact Manager System version 1.0 **Description** The issue is related to a buffer overflow in memory. It is possible to launch the attack on the local host. The manipulation of the `UserInterface::MenuDisplayStart` function in the User Menu component leads to this buffer overflow, potentially allowing an attacker to execute arbitrary code. **Recommendations** For version 1.0, consider disabling the `UserInterface::MenuDisplayStart` function as a temporary workaround until a patch is available. Restrict access to the User Menu component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.