Michał Dardas

**Name of the Vulnerable Software and Affected Versions** lighttpd version 1.4.65 **Description** The issue is related to the mod wstunnel module in the lighttpd web server, which is connected to pointer dereference errors. If an invalid HTTP request, specifically a websocket handshake, is received, the handler function pointer is not initialized, leading to a null pointer dereference that crashes the server. This could be exploited by a remote attacker to cause a denial of service condition. **Recommendations** For lighttpd version 1.4.65, as a temporary workaround, consider disabling the mod wstunnel module until a patch is available. Restrict access to the websocket handshake endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClamAV versions 0.104.0 through 0.104.2 ClamAV LTS version 0.103.5 and prior versions **Description** The issue is related to a heap buffer overflow due to improper bounds checking in the regex module used by the signature database load module. This could allow an authenticated, local attacker to crash ClamAV at database load time and possibly gain code execution. An attacker could exploit this by placing a crafted CDB ClamAV signature database file in the ClamAV database directory, potentially allowing them to run code as the clamav user. **Recommendations** For ClamAV versions 0.104.0 through 0.104.2, consider updating to a version that includes the fix for this issue. For ClamAV LTS version 0.103.5 and prior versions, update to a newer version that includes the fix. As a temporary workaround, consider restricting access to the ClamAV database directory to prevent attackers from placing crafted signature database files. Avoid using the vulnerable regex module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreedroidRPG version 1.0rc2 **Description** The issue arises from the assumption of data set lengths read from saved game files in map.c. It leads to a heap-based buffer overflow due to the lack of size verification when copying data from a file into a fixed-size heap-allocated buffer. **Recommendations** For FreedroidRPG version 1.0rc2, consider restricting access to saved game files to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the affected map.c functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreedroidRPG version 1.0rc2 **Description** An issue in the savestruct internal.c file allows saved game files, which are composed of Lua scripts, to be modified and execute arbitrary Lua code while loading, leading to arbitrary code execution. **Recommendations** For FreedroidRPG version 1.0rc2, consider restricting the execution of Lua scripts from saved game files until a patch is available. As a temporary workaround, avoid loading saved game files from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Chocolate Doom version 3.0.0 Crispy Doom version 5.8.0 **Description** The issue arises from the server's failure to validate the user-controlled `num players` value, resulting in a buffer overflow. This allows a malicious user to overwrite the server's stack. **Recommendations** For Chocolate Doom version 3.0.0, update to a version that includes input validation for the `num players` value to prevent buffer overflows. For Crispy Doom version 5.8.0, apply a patch or update that properly validates user-controlled input to prevent stack overwrites.

**Name of the Vulnerable Software and Affected Versions** Cherokee versions 1.2.104 and earlier **Description** A cross-site scripting (XSS) issue was discovered in the handler server info.c file. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. This XSS issue can be used to reconfigure the server and execute arbitrary commands through the administrator panel. **Recommendations** For Cherokee versions 1.2.104 and earlier, consider disabling the About page in the default configuration of the web server and its administrator panel as a temporary workaround until a patch is available. Restrict access to the administrator panel to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Manolo GWTUpload version 1.0.3 **Description** An issue was discovered in the server/UploadServlet.java, which is the servlet for handling file upload. It accepts a `delay` parameter that causes a thread to sleep. This can be abused to cause all of a server's threads to sleep, leading to denial of service. **Recommendations** For Manolo GWTUpload version 1.0.3, consider disabling the `delay` parameter in the UploadServlet.java to prevent abuse. As a temporary workaround, restrict access to the UploadServlet.java to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cherokee versions 1.2.104 and earlier **Description** The issue is related to multiple memory corruption errors that can be exploited by a remote attacker to destabilize the work of a server. **Recommendations** For Cherokee versions 1.2.104 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cherokee versions 1.2.104 and earlier **Description** The issue allows remote attackers to trigger an out-of-bounds write in `cherokee handler cgi add env pair` in `handler cgi.c` by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers. **Recommendations** For Cherokee versions 1.2.104 and earlier, as a temporary workaround, consider restricting the number of request headers allowed to prevent exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Readdle Documents app versions prior to 6.9.7 **Description** An issue was discovered in the Readdle Documents app, where the application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. This allows any web site to execute JavaScript code that accesses a user's data via cross-origin requests. **Recommendations** For versions prior to 6.9.7, update to version 6.9.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the file-transfer web server and WebSocket server to minimize the risk of exploitation. Avoid using the Readdle Documents app until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Readdle Documents app versions prior to 6.9.7 **Description** The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim's device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker. **Recommendations** For versions prior to 6.9.7, update to version 6.9.7 or later to resolve the issue. As a temporary workaround, consider avoiding the extraction of ZIP archives from untrusted sources to minimize the risk of exploitation. Restrict access to the file-transfer web server to minimize the risk of Stored XSS attacks.