Ltx2018

**Name of the Vulnerable Software and Affected Versions** flac versions prior to 1.4.0 **Description** The issue is related to a buffer overflow in the `bitwriter grow ` function of the FLAC audio codec, which can allow an attacker to execute arbitrary code. This can be achieved by providing crafted input to the encoder. **Recommendations** For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `bitwriter grow ` function in the FLAC encoder until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libssh2 version 1.10.0 **Description** An issue was discovered in the ` libssh2 packet add` function that allows attackers to access out of bounds memory, potentially leading to a denial of service. This issue is related to a buffer overflow in the libssh2 library, which implements the SSH2 protocol. **Recommendations** For libssh2 version 1.10.0, consider updating to a newer version that addresses this issue, as accessing out of bounds memory can lead to service disruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** c-ares versions 1 16 1 through 1 17 0 **Description** The issue is related to a buffer overflow vulnerability in the `ares parse soa reply()` function of the c-ares library, which handles asynchronous DNS requests. This vulnerability can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For c-ares versions 1 16 1 through 1 17 0, update to version 1 17 1 or later to resolve the issue. As a temporary workaround, consider disabling the `ares parse soa reply()` function until a patch is available.