Meng Ruijie

**Name of the Vulnerable Software and Affected Versions** Mesa version 23.0.4 **Description** A buffer over-read was discovered in the `glXQueryServerString()` function. This issue is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controlled server. **Recommendations** For Mesa version 23.0.4, consider disabling the `glXQueryServerString()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** S-Lang version 2.3.2 **Description** A segmentation fault was discovered in S-Lang via the function `fixup tgetstr()`. **Recommendations** For S-Lang version 2.3.2, consider disabling the `fixup tgetstr()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenGL libglvnd version bb06db5a **Description** A segmentation violation was discovered in the libglxproto.c file of OpenGL libglvnd via the `glXGetDrawableScreen()` function. This issue is disputed as there are no common situations where users require uninterrupted operation with an attacker-controlled server. **Recommendations** For version bb06db5a, as a temporary workaround, consider restricting the use of the `glXGetDrawableScreen()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mesa version 23.0.4 **Description** A segmentation violation was discovered in glx pbuffer.c when calling ` glXGetDrawableAttribute()`. This issue is disputed as there are no common situations where users require uninterrupted operation with an attacker-controlled server. **Recommendations** For Mesa version 23.0.4, consider disabling the ` glXGetDrawableAttribute()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mesa version 23.0.4 **Description** A NULL pointer dereference was discovered in Mesa via the function `dri2GetGlxDrawableFromXDrawableId()`. This issue is triggered when the X11 server sends a `DRI2 BufferSwapComplete` event unexpectedly while the application is using DRI3. It is noted that the vulnerability is disputed as there is no demonstrated scenario. **Recommendations** For Mesa version 23.0.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Graphviz versions 2.36.0 through 9.x before 10.0.1 Graphviz versions 2.36 before 10.0.0 Description: The issue is related to an out-of-bounds read in the Graphviz application, which can be exploited via a crafted config6a file. This may allow an attacker to execute arbitrary code. The exploitability may be uncommon because the config6a file is typically owned by root. Recommendations: For Graphviz versions 2.36.0 through 9.x before 10.0.1, update to version 10.0.1 or later to resolve the issue. For Graphviz versions 2.36 before 10.0.0, update to version 10.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the config6a file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** S-Lang version 2.3.2 **Description** The issue is related to an arithmetic exception in S-Lang via the `tt sprintf()` function. **Recommendations** For S-Lang version 2.3.2, consider disabling the `tt sprintf()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mesa version 23.0.4 **Description** A NULL pointer dereference was discovered in the `check xshm()` function for the `has error` state. It is noted that this issue is disputed because there is no demonstrated scenario in which the vulnerability can be exploited. **Recommendations** For Mesa version 23.0.4, as a temporary workaround, consider disabling the `check xshm()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sane version 1.2.1 **Description** An issue in Sane allows a local attacker to execute arbitrary code via a crafted file to the `sanei configure attach()` function. This issue is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file. **Recommendations** For Sane version 1.2.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sane version 1.2.1 **Description** The issue is related to a heap bounds overwrite in the `init options()` function from `backend/test.c` via a long `init mode` string in a configuration file. This is disputed because there is no expectation that `test.c` code should be executed with an attacker-controlled configuration file. **Recommendations** For Sane version 1.2.1, consider restricting access to the `init options()` function or limiting the length of the `init mode` string in configuration files to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Contiki-NG tinyDTLS versions through master branch 53a0d97 **Description** A buffer over-read issue exists in the `dtls sha256 update` function, allowing remote attackers to cause a denial of service via crafted data packets. This issue affects Contiki-NG tinyDTLS, enabling attackers to disrupt service. **Recommendations** For Contiki-NG tinyDTLS versions through master branch 53a0d97, as a temporary workaround, consider disabling the `dtls sha256 update` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Contiki-NG tinyDTLS through master branch 53a0d97 **Description** An assertion failure in the `check certificate request()` function allows attackers to cause a denial of service. This issue affects Contiki-NG tinyDTLS, enabling attackers to exploit it and disrupt service. **Recommendations** For Contiki-NG tinyDTLS through master branch 53a0d97, as a temporary workaround, consider disabling the `check certificate request()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Contiki-NG tinyDTLS through master branch 53a0d97 **Description** An issue exists in the handling of a ClientHello handshake message, where an infinite loop bug can be triggered by remote attackers sending a malformed message with an odd length of cipher suites. This results in a denial of service, consuming all resources, and a buffer over-read that can disclose sensitive information. **Recommendations** For Contiki-NG tinyDTLS through master branch 53a0d97, consider disabling the handling of ClientHello handshake messages with odd length cipher suites as a temporary workaround until a patch is available. Restrict access to the tinyDTLS module to minimize the risk of exploitation. Avoid using the `cipher suites` variable in the affected handshake message until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Contiki-NG tinyDTLS versions through master branch 53a0d97 **Description** The issue allows attackers to obtain sensitive information via crafted input to the `dtls ccm decrypt message()` function. **Recommendations** For Contiki-NG tinyDTLS versions through master branch 53a0d97, consider restricting the input to the `dtls ccm decrypt message()` function to prevent buffer over-read until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.