Bacnet · Bacserv · CVE-2018-10238
Name of the Vulnerable Software and Affected Versions:
bacserv versions 0.8.5 through 0.9.1
Description:
The issue is caused by a lack of packet-size validation, leading to a stack-based buffer overflow in the bvlc.c component of the BACnet Protocol Stack. The affected component is the bacserv BACnet/IP BVLC Forwarded-NPDU handling. The `bvlc_bdt_forward_npdu()` function calls `bvlc_encode_forwarded_npdu()`, which copies the request payload into a fixed-size buffer in the local stack frame of `bvlc_bdt_forward_npdu()` without checking that it fits, so an oversized request overwrites the stack canary. Any BACnet/IP device built on this library that has BBMD enabled and is reachable over an IP network is exposed.
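To make the missing check concrete, the following is an added example and not code from the bacnet-stack project: it models a Forwarded-NPDU encoder that performs the size validation the advisory says is absent, plus the receive-side length check a BBMD should apply before forwarding. The function names, the local buffer size and the sample B/IP address are assumptions for this illustration; the BVLC header layout follows the BACnet/IP (Annex J) frame format.

```c
#include <stdint.h>
#include <string.h>
#include <stddef.h>

/* BVLC header fields from BACnet/IP (ASHRAE 135 Annex J). */
#define BVLC_TYPE_BACNET_IP  0x81
#define BVLC_FORWARDED_NPDU  0x04
#define BVLC_FWD_HEADER_LEN  10   /* type(1) function(1) length(2) source B/IP address(6) */
/* Constructed for this example: size of the forwarding function's local buffer. */
#define NPDU_STACK_BUF_LEN   1497

/* Hypothetical encoder for the bug class described in the advisory: prepends the
   BVLC Forwarded-NPDU header and copies npdu_len bytes after it.  Returns the
   total frame length, or -1 if the frame would not fit in out_cap.  The
   "fits in out_cap" test is exactly the validation the vulnerable code lacked. */
int encode_forwarded_npdu_checked(uint8_t *out, size_t out_cap,
                                  const uint8_t src_bip[6],
                                  const uint8_t *npdu, size_t npdu_len)
{
    size_t total = BVLC_FWD_HEADER_LEN + npdu_len;
    if (total > 0xFFFF || total > out_cap)
        return -1;                       /* reject instead of overrunning the buffer */
    out[0] = BVLC_TYPE_BACNET_IP;
    out[1] = BVLC_FORWARDED_NPDU;
    out[2] = (uint8_t)(total >> 8);      /* BVLC length, big-endian */
    out[3] = (uint8_t)(total & 0xFF);
    memcpy(&out[4], src_bip, 6);         /* original source B/IP address */
    memcpy(&out[BVLC_FWD_HEADER_LEN], npdu, npdu_len);
    return (int)total;
}

/* Models a BBMD forwarding an NPDU out of a fixed-size stack frame, the
   situation in bvlc_bdt_forward_npdu().  Returns the frame length or -1. */
int bbmd_forward_npdu(const uint8_t src_bip[6], const uint8_t *npdu, size_t npdu_len)
{
    uint8_t frame[NPDU_STACK_BUF_LEN];   /* local stack buffer, bounded by the check above */
    return encode_forwarded_npdu_checked(frame, sizeof frame, src_bip, npdu, npdu_len);
}

/* Receive-side sanity check: the BVLC length field must equal the number of
   bytes actually received, and a Forwarded-NPDU must at least hold its header. */
int bvlc_frame_is_sane(const uint8_t *pdu, size_t received)
{
    if (received < 4 || pdu[0] != BVLC_TYPE_BACNET_IP)
        return 0;
    size_t declared = ((size_t)pdu[2] << 8) | pdu[3];
    if (declared != received)
        return 0;
    if (pdu[1] == BVLC_FORWARDED_NPDU && received < BVLC_FWD_HEADER_LEN)
        return 0;
    return 1;
}
```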
Recommendations:
For versions 0.8.5 through 0.9.1, update to version 0.8.6 to resolve the issue.
As a temporary workaround, consider restricting access to the `bvlc_bdt_forward_npdu()` and `bvlc_encode_forwarded_npdu()` functions until the update is applied.