Prasanth Sundararajan

**Name of the Vulnerable Software and Affected Versions** BC-JAVA versions 1.74 through 1.83 **Description** Improper neutralization of special elements used in an LDAP query, known as LDAP injection, exists in the BC-JAVA bcprov modules. This issue is associated with the program files LDAPStoreHelper. **Recommendations** Update to version 1.84.

**Name of the Vulnerable Software and Affected Versions** wolfSSL versions prior to 5.8.4 **Description** An integer underflow in the packet sniffer component of wolfSSL allows an attacker to cause a buffer overflow in the AEAD decryption path. This occurs when a TLS record shorter than the expected length is injected into traffic inspected by `ssl DecodePacket`. The underflow results in a large value being passed to AEAD decryption routines, leading to a heap buffer overflow and a crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records. The vulnerable component is the AEAD decryption path, specifically during the processing of TLS records. The vulnerable function is `ssl DecodePacket`. The `IV` (Initialization Vector) and authentication tag are involved in the length calculation that is susceptible to the underflow. **Recommendations** wolfSSL versions prior to 5.8.4 should be updated.