Jjleo

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.45 **Description** A flaw exists in GNU Binutils 2.45 within the `vfinfo` function located in the `ldmisc.c` file. This can lead to an out-of-bounds read condition when manipulation occurs. The issue is locally exploitable and the exploit has been publicly released. **Recommendations** Apply patch 16357 to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.45 **Description** A security flaw exists in GNU Binutils 2.45, specifically within the `tg tag type` function located in the `prdbg.c` file. Manipulation of this function results in an unchecked return value. Exploitation requires local access and the exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.45 **Description** A flaw exists in GNU Binutils 2.45 within the `dump dwarf section` function located in the `binutils/objdump.c` file. Manipulation of the software can lead to an out-of-bounds read. This issue is exploitable with local access. The exploit is publicly available. **Recommendations** Install the patch f87a66db645caf8cc0e6fc87b0c28c78a38af59b to address this issue.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils versions prior to 2.46 **Description** A flaw exists in the Linker component of GNU Binutils. Specifically, the issue resides within the `elf swap shdr` function located in the `bfd/elfcode.h` library. This can lead to a heap-based buffer overflow when exploited. Successful exploitation requires local access. The exploit is publicly available. **Recommendations** Update to version 2.46 or later.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils versions prior to 2.46 **Description** A flaw exists in GNU Binutils impacting the ` bfd elf parse eh frame` function within the `bfd/elf-eh-frame.c` file of the Linker component. This can lead to a heap-based buffer overflow, with exploitation restricted to local execution. The exploit has been published. **Recommendations** Update to version 2.46 or later.

Name of the Vulnerable Software and Affected Versions: mruby versions up to 3.4.0-rc2 Description: A heap-based buffer overflow issue was found in the function `scope new` of the file `mrbgems/mruby-compiler/core/codegen.c` of the component nregs Handler. This issue can be exploited locally. Recommendations: For mruby versions up to 3.4.0-rc2, apply the patch 1fdd96104180cc0fb5d3cb086b05ab6458911bb9 to fix this issue. As a temporary workaround, consider restricting access to the `scope new` function until the patch is applied.

**Name of the Vulnerable Software and Affected Versions:** 9fans plan9port versions prior to 9da5b44 **Description:** A vulnerability exists in the `value decode` function within the `src/libsec/port/x509.c` library. The manipulation of this function leads to a null pointer dereference. Local access is required for exploitation. The exploit has been publicly disclosed and may be used. **Recommendations:** Apply the patch with identifier deae8939583d83fd798fca97665e0e94656c3ee8 to resolve this issue.

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A stack-based buffer overflow issue has been found, affecting the function H5G node cmp3 in the file src/H5Gnode.c. This issue can be exploited locally. Recommendations: For HDF5 version 1.14.6, consider disabling the H5G node cmp3 function as a temporary workaround until a patch is available. Restrict access to the affected file src/H5Gnode.c to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A null pointer dereference issue was found in the function `H5C flush single entry` of the file src/H5Centry.c. The manipulation leads to this issue, and the attack needs to be approached locally. Recommendations: For HDF5 version 1.14.6, consider restricting access to the `H5C flush single entry` function until a patch is available. As a temporary workaround, avoid using the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A problematic issue was found in the function `H5FL reg gc list` of the file `src/H5FL.c`. The manipulation leads to use after free. Attacking locally is a requirement. Recommendations: For HDF5 version 1.14.6, as a temporary workaround, consider disabling the `H5FL reg gc list` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A heap-based buffer overflow issue was found in the function H5O chunk protect of the file /src/H5Ochunk.c. This issue can be exploited locally. Recommendations: For HDF5 version 1.14.6, as a temporary workaround, consider disabling the function H5O chunk protect until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A vulnerability has been found in HDF5, affecting the function `H5C load entry` of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the `H5C load entry` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A heap-based buffer overflow issue has been found in the function `H5O mtime new encode` of the file `src/H5Omtime.c`. The manipulation leads to this issue, and attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Recommendations: For HDF5 version 1.14.6, consider disabling the `H5O mtime new encode` function as a temporary workaround until a patch is available. Restrict access to the `src/H5Omtime.c` file to minimize the risk of exploitation. Avoid using the `H5O mtime new encode` function in local attacks until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: oatpp Oat++ versions up to 1.3.1 Description: A critical vulnerability has been found, affecting the `deserializeArray` function in the file `src/oatpp/json/Deserializer.cpp`. This issue leads to a stack-based buffer overflow and can be initiated remotely. Recommendations: For versions up to 1.3.1, consider disabling the `deserializeArray` function as a temporary workaround until a patch is available. Restrict access to the `src/oatpp/json/Deserializer.cpp` file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A problematic issue has been found in HDF5, affecting the function `H5FL malloc` of the file src/H5FL.c. This issue leads to a memory leak and requires local attacking to exploit. The exploit has been disclosed to the public and may be used. Recommendations: For HDF5 version 1.14.6, consider disabling the `H5FL malloc` function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A problematic vulnerability was found in HDF5, affecting the function `H5FS sect link size` of the file src/H5FSsection.c. This manipulation leads to a heap-based buffer overflow. The attack can be launched on the local host. Recommendations: For HDF5 version 1.14.6, consider disabling the `H5FS sect link size` function as a temporary workaround until a patch is available. Restrict access to the affected file src/H5FSsection.c to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Tarantool versions up to 3.3.1 Description: A vulnerability has been found in the `tm to datetime` function in the library `src/lib/core/datetime.c`. The manipulation leads to a reachable assertion. Attacking locally is a requirement. Recommendations: For Tarantool versions up to 3.3.1, as a temporary workaround, consider disabling the `tm to datetime` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: vstakhov libucl versions up to 0.9.2 Description: A problematic vulnerability was found in the vstakhov libucl, affecting the function `ucl parse multiline string` of the file src/ucl parser.c. This vulnerability leads to a heap-based buffer overflow. The attack must be approached locally. Recommendations: For versions up to 0.9.2, consider disabling the `ucl parse multiline string` function as a temporary workaround until a patch is available. Restrict access to the src/ucl parser.c file to minimize the risk of exploitation. Avoid using the vulnerable function in local operations until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: HTACG tidy-html5 version 5.8.0 Description: A vulnerability was found in HTACG tidy-html5, affecting the function `prvTidyParseNamespace` of the file `src/parser.c`. The manipulation leads to a reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Recommendations: For HTACG tidy-html5 version 5.8.0, as a temporary workaround, consider disabling the `prvTidyParseNamespace` function until a patch is available. Restrict access to the `src/parser.c` file to minimize the risk of exploitation. Avoid using the affected function in local attacks until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: HTACG tidy-html5 version 5.8.0 Description: A vulnerability was found in HTACG tidy-html5, affecting the function `InsertNodeAsParent` of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue is considered to have a low severity and could cause application instability or denial-of-service conditions during HTML parsing. Recommendations: For HTACG tidy-html5 version 5.8.0, as a temporary workaround, consider disabling the `InsertNodeAsParent` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the affected function in the HTML parsing process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.