Max

**Name of the Vulnerable Software and Affected Versions** snoyberg keter versions up to 1.8.1 **Description** A vulnerability has been found in snoyberg keter, classified as problematic. This issue affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument `host` leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For versions up to 1.8.1, upgrade to version 1.8.2 to address this issue. As a temporary workaround, consider restricting the manipulation of the `host` argument to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** wolfSSL versions prior to 5.5.1 **Description** The issue occurs when malicious clients cause a buffer overflow during a TLS 1.3 handshake, specifically when an attacker supposedly resumes a previous TLS session. This happens when a Hello Retry Request is triggered during the resumption Client Hello, and both Client Hellos contain a list of duplicate cipher suites. Two Client Hellos are required to trigger the buffer overflow: one in the resumed session and a second one as a response to a Hello Retry Request message. **Recommendations** For versions prior to 5.5.1, update to version 5.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of TLS 1.3 handshake resumption to minimize the risk of exploitation. Avoid using duplicate cipher suites in Client Hellos until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** wolfSSL versions prior to 5.5.0 **Description** An issue was discovered in wolfSSL when a TLS 1.3 client connects to a wolfSSL server and `SSL clear` is called on its session, causing the server to crash with a segmentation fault. This occurs in the second session, created through TLS session resumption, which reuses the initial `struct WOLFSSL`. The server crashes when it reuses the previous session structure by calling `wolfSSL clear(WOLFSSL* ssl)` on it, and then receives a Client Hello that resumes the previous session. This bug is only triggered when resuming sessions using TLS session resumption and affects servers that use `wolfSSL clear` instead of the recommended `SSL free`; `SSL new` sequence. `wolfSSL clear` is part of wolfSSL's compatibility layer and is not enabled by default. **Recommendations** For versions prior to 5.5.0, consider using the recommended `SSL free`; `SSL new` sequence instead of `wolfSSL clear` to avoid the issue. As a temporary workaround, avoid reusing the previous session structure by calling `wolfSSL clear(WOLFSSL* ssl)` on it, and instead use the recommended sequence to create a new session. Update to version 5.5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wolfSSL version 5.3.0 **Description** An issue in wolfSSL allows man-in-the-middle attackers or a malicious server to crash TLS 1.2 clients during a handshake. This occurs when an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, causing the session cache to free a pointer that points to unallocated memory. It is likely that this issue is also exploitable during TLS 1.3 handshakes between a client and a malicious server, although it cannot be exploited as a man-in-the-middle in TLS 1.3. **Recommendations** For wolfSSL version 5.3.0, update to version 5.5.0 or later to resolve the issue. As a temporary workaround, consider disabling the `--enable-session-ticket` option until a patch is available. Restrict access to the NewSessionTicket message in TLS 1.2 handshakes to minimize the risk of exploitation. Avoid using large tickets (more than 256 bytes) in the NewSessionTicket message until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: tar-fs versions prior to 1.16.2 Description: A vulnerability exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink, allowing an Arbitrary File Overwrite issue. This occurs because the plain file content replaces the existing file content. Recommendations: For versions prior to 1.16.2, update to version 1.16.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** node-tar versions prior to 4.4.2 node-tar version 2.2.2 is not affected, but versions prior to 2.2.2 are affected **Description** The issue is related to incorrect link resolution before file access in the node-tar module of the Node.js library. This can allow a remote attacker to replace existing file content when extracting a tarball containing a hardlink to a file that already exists on the system, followed by a plain file with the same name as the hardlink. **Recommendations** For node-tar versions prior to 4.4.2, upgrade to version 4.4.2 or later. For node-tar versions prior to 2.2.2, upgrade to version 2.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** glibc versions prior to 2.23 **Description** The issue is related to a stack-based buffer overflow in the catopen function, which can be exploited by context-dependent attackers. This can lead to a denial of service, causing the application to crash, or potentially allow the execution of arbitrary code if a long catalog name is used. **Recommendations** For versions prior to 2.23, update to version 2.23 or later to resolve the issue. As a temporary workaround, consider restricting the length of catalog names to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** phpBB version 2.0.18 **Description** The issue allows remote attackers to obtain sensitive information via a large SQL query. This query generates an error message that reveals SQL syntax or the full installation path. **Recommendations** For phpBB version 2.0.18, consider updating to a newer version that addresses this issue, as the current version reveals sensitive information through error messages generated by large SQL queries. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions 10.0 through 10.3.2 Apple Mac OS X Server versions 10.0 through 10.3.2 **Description** A buffer overflow issue exists in the cd9660.util component, potentially allowing local users to execute arbitrary code by providing a long command line parameter. **Recommendations** For Apple Mac OS X versions 10.0 through 10.3.2, update to a version later than 10.3.2 to resolve the issue. For Apple Mac OS X Server versions 10.0 through 10.3.2, update to a version later than 10.3.2 to resolve the issue.