Oss-Fuzz

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.4.0 through 4.4.12 Wireshark versions 4.6.0 through 4.6.2 **Description** A crash exists in the IEEE 802.11 protocol dissector. This issue can lead to a denial of service. **Recommendations** Update Wireshark to a version later than 4.6.2. Update Wireshark to a version later than 4.4.12.

**Name of the Vulnerable Software and Affected Versions** Suricata versions 8.0.0 and earlier **Description** Suricata, a network IDS, IPS and NSM engine, experiences an issue where it incorrectly handles the entropy keyword when not anchored to a "sticky" buffer. This can result in a segmentation fault. As a workaround, users can disable rules utilizing the entropy keyword or ensure they are anchored to a sticky buffer. **Recommendations** Update to version 8.0.1 or later. Disable rules using the entropy keyword. Validate that rules using the entropy keyword are anchored to a sticky buffer.

**Name of the Vulnerable Software and Affected Versions** Qt versions 6.7.0 through 6.9.0 Qt6-svg qtsvg-opensource-src **Description** The issue is a use-after-free condition within the Qt framework, specifically related to the parsing of SVG files. The `renderPattern()` function and the SVG module are affected. The vulnerability occurs when a node is deleted after creation but is subsequently accessed, leading to a use-after-free scenario. This could allow an attacker to execute arbitrary code or cause a denial of service. The vulnerability impacts applications utilizing the Qt SVG module. **Recommendations** Update to Qt version 6.9.3. For systems using qt6-svg, apply the available security patch. For systems using qtsvg-opensource-src, apply the available security patch.

**Name of the Vulnerable Software and Affected Versions** Qt versions 6.7.0 through 6.9.0 **Description** A flaw exists that could lead to a denial-of-service (DoS) condition. This occurs when the software renders a Scalable Vector Graphics (SVG) file containing a `<pattern>` element, potentially resulting in recursive rendering and a stack overflow. **Recommendations** Restrict SVG files. Monitor for stack overflows.

Name of the Vulnerable Software and Affected Versions: Qt versions 6.6.0 through 6.8.3 Qt versions 6.9.0 through 6.9.1 Description: When passing values outside of the expected range to `QColorTransferGenericFunction`, it can cause a denial of service. This can occur when passing a specifically crafted ICC profile to `QColorSpace::fromICCProfile`. Recommendations: Update to Qt version 6.8.4 or 6.9.2.

Name of the Vulnerable Software and Affected Versions: Qt versions 6.8.0 through 6.8.4 Description: There is a Heap-based Buffer Overflow vulnerability in `QTextMarkdownImporter`. This requires an incorrectly formatted markdown file to be passed to `QTextMarkdownImporter` to trigger the overflow. Recommendations: For Qt versions 6.8.0 through 6.8.3, update to version 6.8.4 or later to resolve the issue. For Qt versions prior to 6.8.0, no action is required as these versions are not affected. As a temporary workaround, consider restricting the use of `QTextMarkdownImporter` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.2.0 through 4.2.10 Wireshark versions 4.4.0 through 4.4.3 **Description** The issue allows denial of service via packet injection or crafted capture file, specifically affecting the Bundle Protocol and CBOR dissector in Wireshark. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. **Recommendations** For Wireshark versions 4.2.0 through 4.2.10, update to a version outside of this range to resolve the issue. For Wireshark versions 4.4.0 through 4.4.3, update to a version outside of this range to resolve the issue. As a temporary workaround, consider avoiding the use of the Bundle Protocol and CBOR dissector until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 3.0 and 3.1 FIPS providers **Description** The issue is related to the functions `EVP PKEY param check()` and `EVP PKEY public check()` in the OpenSSL library, which can lead to a Denial of Service (DoS) attack when checking excessively long DSA keys or parameters. These functions perform various checks on DSA parameters, and some computations can take a long time if the modulus (`p` parameter) is too large. An application that calls these functions and supplies a key or parameters obtained from an untrusted source could be vulnerable to a DoS attack. The OpenSSL SSL/TLS implementation is not affected by this issue. **Recommendations** For OpenSSL versions 3.0 and 3.1 FIPS providers, consider disabling the `EVP PKEY param check()` and `EVP PKEY public check()` functions until a patch is available. Restrict access to the `pkey` and `pkeyparam` command line applications when using the `-check` option to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 3.0 through 3.1 **Description** The issue is related to the function `EVP PKEY public check()` in the OpenSSL library, which can lead to a Denial of Service (DoS) attack when checking excessively long invalid RSA public keys. This can cause long delays in applications that use this function to check RSA public keys obtained from untrusted sources. The `EVP PKEY public check()` function is called from the OpenSSL pkey command line application, making it vulnerable when used with the '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. **Recommendations** For OpenSSL versions 3.0 through 3.1, consider disabling the `EVP PKEY public check()` function until a patch is available to prevent potential Denial of Service attacks. Restrict access to the OpenSSL pkey command line application when used with the '-pubin' and '-check' options on untrusted data to minimize the risk of exploitation. Avoid using the `EVP PKEY public check()` function on untrusted RSA public keys until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jackson-dataformats-text (affected versions not specified) **Description** The issue allows for Denial of Service attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow, potentially supporting a denial of service attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** htmlunit versions prior to 2.70.0 **Description** The issue allows an attacker to cause a denial of service attack by supplying content that causes htmlunit to crash due to a stack overflow when running on user-supplied web pages. This can happen when htmlunit is used to browse untrusted webpages. **Recommendations** For versions prior to 2.70.0, update to version 2.70.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of htmlunit for browsing untrusted web pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** golang.org/x/text/language (affected versions not specified) **Description** The issue is related to the ParseAcceptLanguage function, which can be exploited to cause a denial of service by crafting a specific Accept-Language header. This header can cause the function to take significant time to parse, leading to a denial of service. The problem is due to the quadratic time complexity of the BCP 47 tag parser, which is exposed to untrusted user input. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For golang.org/x/text/language, consider limiting the total complexity of tags passed into ParseAcceptLanguage by limiting the number of dashes in the string to 1000 as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Reader (affected versions not specified) **Description** The issue is related to the Reader.Read function not setting a limit on the maximum size of file headers. A maliciously crafted archive could cause Reader.Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After the fix, Reader.Read limits the maximum size of header blocks to 1 MiB. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** Programs that compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases, the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.