Mskowroncf

**Name of the Vulnerable Software and Affected Versions** Cloudflare Quiche versions 0.19.1 through 0.20.0 **Description** The issue is related to an unlimited resource allocation vulnerability, causing a rapid increase in memory usage of the system running the quiche server or client. A remote attacker could exploit this by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after completing the QUIC handshake. Exploitation was possible for the duration of the connection, which could be extended by the attacker. **Recommendations** For versions prior to 0.19.2 and 0.20.1, update to version 0.19.2 or 0.20.1 to resolve the issue. As a temporary workaround, consider restricting the number of 1-RTT CRYPTO frames that can be sent after the QUIC handshake to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wrangler versions 3.1.0 and earlier, Wrangler versions 2.20.1 and earlier **Description** The issue is related to a directory traversal vulnerability that occurs when running a local development server for Pages using the `wrangler pages dev` command. This vulnerability allows an attacker on the same network as the victim to connect to the local development server and access files outside of the development server directory. **Recommendations** For Wrangler versions 3.1.0 and earlier, update to a version later than 3.1.0 to resolve the issue. For Wrangler versions 2.20.1 and earlier, update to a version later than 2.20.1 to resolve the issue. As a temporary workaround, consider restricting access to the local development server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CIRCL versions prior to 1.3.3 **Description** The issue arises from insufficient input validation and lack of measures to neutralize instructions in dynamically executed code in the `crypto/rand.Read()` function. This could lead to a predictable shared secret in rare deployment cases where an error is thrown by the `Read()` function. Additionally, the `tkn20` and `blindrsa` components did not check if enough randomness was returned from the user-provided randomness source, typically `crypto/rand.Reader`. If the source does not return the right number of random bytes, the blinding for `blindrsa` is weak, and the integrity of the plaintext is not ensured in `tkn20`. **Recommendations** For versions prior to 1.3.3, update to CIRCL version 1.3.3 to resolve the issue. As a temporary workaround, consider disabling the use of `crypto/rand.Read()` until a patch is available. Restrict access to the `tkn20` and `blindrsa` components to minimize the risk of exploitation. Avoid using user-provided randomness sources that may not return the correct number of random bytes.

**Name of the Vulnerable Software and Affected Versions** WARP client for Android (affected versions not specified) **Description** The issue is caused by a misconfiguration in the manifest file of the WARP client for Android, allowing a task hijacking attack. An attacker can create a malicious mobile application to hijack legitimate apps and steal potentially sensitive information when installed on the victim's device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OctoRPKI versions prior to 1.4.4 **Description** Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter, causing the program to crash and preventing it from finishing the validation, resulting in a denial of service. This issue was discovered and reported by Donika Mirdita and Haya Shulman - Fraunhofer SIT, ATHENE. **Recommendations** For versions prior to 1.4.4, update to version 1.4.4 to resolve the issue. As a temporary workaround, consider restricting the length of CA chains to prevent exceeding the max iterations parameter until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Cloudflare WARP mobile client (affected versions not specified) **Description** The issue allowed a user to delete a VPN profile from the WARP mobile client on the iOS platform, despite the Lock WARP switch feature being enabled on the Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WARP Client (affected versions not specified) **Description** The issue allows bypassing policies configured for Zero Trust Secure Web Gateway. This can be achieved by using the `warp-cli` command with the `set-custom-endpoint` subcommand and specifying an unreachable endpoint, which causes the WARP Client to disconnect. As a result, administrative restrictions on a Zero Trust enrolled endpoint can be bypassed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cloudflare WARP iOS mobile client (affected versions not specified) **Description** The issue allowed users to bypass the Lock WARP switch feature on the WARP iOS mobile client. This was possible by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches simultaneously in the application settings, causing the WARP client to disconnect. As a result, users could bypass restrictions and policies enforced by the Zero Trust platform. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WARP iOS client (affected versions not specified) **Description** The Lock Warp switch feature in the Zero Trust platform can be bypassed due to insufficient policy verification by the WARP iOS client. This bypass can be achieved by using the "Disable WARP" quick action, allowing users of enrolled devices to disable the WARP client even when the Lock Warp switch is enabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WARP (affected versions not specified) **Description** The issue allows a user without admin privileges to bypass configured Zero Trust security policies, such as Secure Web Gateway policies, and features like 'Lock WARP switch' by utilizing warp-cli subcommands like `disable-ethernet` and `disable-wifi`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cloudflare WARP client for Windows versions up to 2022.5.309.0 **Description** The issue allows creation of mount points from the ProgramData folder of the Cloudflare WARP client during its installation. This could lead to privilege escalation and the overwrite of SYSTEM protected files. **Recommendations** For versions up to 2022.5.309.0, consider restricting access to the ProgramData folder as a temporary mitigation measure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cloudflare Warp for Windows versions 2022.2.95.0 through 2022.3.185.0 **Description** The issue is related to an unquoted service path in Cloudflare Warp for Windows, which enables arbitrary code execution leading to privilege escalation. **Recommendations** For versions 2022.2.95.0 through 2022.3.185.0, update to version 2022.3.186.0 to resolve the issue.