Jurriaan Bremer

**Name of the Vulnerable Software and Affected Versions** YARA versions 3.x **Description** A heap buffer overflow issue exists in the yr object array set item() function, located in object.c, which can be triggered by scanning a maliciously crafted .NET file, leading to a denial-of-service attack. **Recommendations** For YARA version 3.x, update to a version that includes a fix for the heap buffer overflow issue in the yr object array set item() function.

**Name of the Vulnerable Software and Affected Versions** ZNC for Windows (znc-msvc) versions 0.206 and earlier **Description** The issue is a stack-based buffer overflow in the Fish plugin for ZNC, which can be exploited by remote attackers to cause a denial of service (crash) by sending a long string in a DH1080 INIT message. **Recommendations** For ZNC for Windows (znc-msvc) versions 0.206 and earlier, update to a version later than 0.206 to resolve the issue. As a temporary workaround, consider restricting access to the Fish plugin to minimize the risk of exploitation.