Leekiyoon-Sec

**Name of the Vulnerable Software and Affected Versions** Cryptomator for iOS versions prior to 2.8.3 **Description** Cryptomator for iOS provides client-side encryption for files in the cloud. A flaw in integrity checks allows tampering with the vault configuration file, potentially leading to a man-in-the-middle attack during the Hub key loading process. Previously, the client trusted endpoints from the vault configuration without verifying host authenticity, which could allow an attacker to steal authentication tokens by substituting a legitimate authentication endpoint with a malicious **API endpoint**. The issue impacts users unlocking Hub-backed vaults with vulnerable client versions in environments where an attacker can modify the `vault.cryptomator` file. **Recommendations** Update to version 2.8.3 or later.

**Name of the Vulnerable Software and Affected Versions** Clasp versions prior to 3.2.0 **Description** A path traversal issue exists in Clasp, potentially allowing a remote attacker to execute code on the developer's machine. This occurs through a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences. The issue allows an attacker to modify files outside the project directory, leading to potential remote code execution. **API Endpoints** No API endpoints are mentioned in the provided descriptions. **Vulnerable Parameters or Variables** Filenames within Google Apps Script projects are vulnerable. **Recommendations** Update Clasp to version 3.2.0 or later. Only clone or pull scripts from trusted sources. Review the output of the `pull` and `clone` commands to verify only expected project files are modified.

**Name of the Vulnerable Software and Affected Versions** wolfSSL (affected versions not specified) **Description** The software contains buffer overflow issues within its Certificate Revocation List (CRL) parser when processing CRL numbers. A heap-based buffer overflow can occur during the improper storage of CRL numbers as hexadecimal strings. Additionally, a stack-based buffer overflow can be triggered with sufficiently large CRL numbers. These issues are exploitable with crafted CRLs, but only affect builds with CRL support enabled and when loading CRLs from untrusted sources. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.