Oblivionsage

**Name of the Vulnerable Software and Affected Versions** Telegram Desktop versions prior to 6.7.6 **Description** A null pointer dereference (a condition where a program attempts to read from a memory address that is null, typically causing a crash) can be triggered remotely in the Bot API component. The issue exists within the `RequestButton()` function located in the `Telegram/SourceFiles/boxes/url auth box.cpp` file, specifically through the manipulation of the `login url` argument. **Recommendations** Update to a version newer than 6.7.5. As a temporary workaround, restrict the use of the `RequestButton()` function in the Bot API component.

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack’s `Rack::Files#fail` function incorrectly calculates the `Content-Length` response header using `String#size` instead of `String#bytesize`. This occurs when the response body contains multibyte UTF-8 characters, resulting in a declared `Content-Length` smaller than the actual number of bytes sent. An attacker can trigger this by requesting a non-existent path with percent-encoded UTF-8 characters, leading to incorrect HTTP response framing and potential response desynchronization. The `Rack::Files` component reflects the requested path in 404 responses, which contributes to the issue when handling requests with multibyte characters. This can cause inconsistencies in response parsing or desynchronization, particularly in deployments with keep-alive connections and intermediaries relying on the `Content-Length` header. Recommendations Update to Rack version 2.2.23 or later. Update to Rack version 3.1.21 or later. Update to Rack version 3.2.6 or later.

**Name of the Vulnerable Software and Affected Versions** MongoDB (affected versions not specified) **Description** User-controlled `chunkSize` metadata lacks appropriate validation, potentially leading to malformed GridFS metadata overflowing the bounding container. This can result in a heap allocation failure during file handling. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** A flaw exists in QEMU where a specifically designed VMDK image can cause an out-of-bounds read. This could result in a leak of up to 12 bytes of sensitive information or a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LIBPNG versions 1.2.1 through 1.6.55 **Description** LIBPNG is a library used by applications to read, create, and manipulate PNG raster image files. Versions 1.2.1 through 1.6.55 contain an issue where the `png set tRNS` and `png set PLTE` functions alias a heap-allocated buffer between `png struct` and `png info`, sharing a single allocation across two structures with independent lifetimes. This aliasing has been present since at least libpng 1.0 for `trans alpha` and since at least 1.2.1 for `palette`. When `png free data` is called with `PNG FREE TRNS` or `PNG FREE PLTE`, the buffer is freed through `info ptr` while the corresponding `png ptr` pointer remains dangling. Subsequent row-transform functions may then dereference and write to this freed memory. Calling `png set tRNS` or `png set PLTE` a second time has the same effect, as these functions call `png free data` internally before reallocating the `info ptr` buffer. **Recommendations** Versions 1.2.1 through 1.6.55 should be updated to version 1.6.56 or later.

**Name of the Vulnerable Software and Affected Versions** Node.js versions 20.19.4 through 24.4.1 **Description** A path traversal vulnerability exists in Node.js when running on Microsoft Windows. The `path.normalize()` function fails to block Windows device names such as CON, PRN, and AUX, allowing attackers to exploit this behavior for path traversal attacks. The vulnerability leverages the specific way Windows handles reserved device filenames. **Recommendations** Node.js versions prior to 20.19.4 should be updated. Node.js versions prior to 22.17.1 should be updated. Node.js versions prior to 24.4.1 should be updated.