Readxl · CVE-2021-27836
Name of the Vulnerable Software and Affected Versions:
libxls version 1.6.2
readxl (affected versions not specified)
Description:
An issue was discovered in the `xls_getWorkSheet` function within `xls.c` in libxls that allows attackers to cause a denial of service (DoS) via a specially crafted XLS file.
Recommendations:
For libxls version 1.6.2, consider disabling the `xls_getWorkSheet` function until a patch is available.
For readxl, the affected versions are not specified, and there is currently no information about a newer version that contains a fix for this vulnerability.