Marat Gayanov

Name of the Vulnerable Software and Affected Versions: Windows TCP/IP (affected versions not specified) Description: The issue is related to a null pointer dereference in Windows TCP/IP, which allows an authorized attacker to elevate privileges locally. This means an attacker with existing access to the system can potentially gain higher-level privileges, posing a significant security risk. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Ancillary Function Driver for WinSock (affected versions not specified) Description: A null pointer dereference exists in the Windows Ancillary Function Driver for WinSock. This issue allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** janus-gateway versions through 0.10.0 **Description** A buffer overflow issue was discovered via a crafted RTSP server, specifically in the `janus streaming rtsp parse sdp` function within `plugins/janus streaming.c`. This issue can be exploited by a crafted RTSP server. **Recommendations** For versions through 0.10.0, consider disabling the `janus streaming rtsp parse sdp` function as a temporary workaround until a patch is available. Restrict access to the `plugins/janus streaming.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** janus-gateway versions through 0.10.0 **Description** An issue was discovered in janus-gateway, where the `janus get codec from pt` function in `utils.c` has a Buffer Overflow via a long value in an SDP Offer packet. **Recommendations** For versions through 0.10.0, consider disabling the `janus get codec from pt` function until a patch is available. Restrict access to the `utils.c` module to minimize the risk of exploitation. Avoid using long values in SDP Offer packets in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.