Q1Iq

**Name of the Vulnerable Software and Affected Versions** visionOS versions prior to 2.3 Safari versions prior to 18.3 iOS versions prior to 18.3 iPadOS versions prior to 18.3 macOS Sequoia versions prior to 15.3 watchOS versions prior to 11.3 tvOS versions prior to 18.3 **Description** The issue is related to improved memory handling and may lead to a denial-of-service when processing web content. It is associated with unlimited resource allocation, which can be exploited by a remote attacker to cause a denial-of-service. **Recommendations** For visionOS versions prior to 2.3, update to visionOS 2.3. For Safari versions prior to 18.3, update to Safari 18.3. For iOS versions prior to 18.3, update to iOS 18.3. For iPadOS versions prior to 18.3, update to iPadOS 18.3. For macOS Sequoia versions prior to 15.3, update to macOS Sequoia 15.3. For watchOS versions prior to 11.3, update to watchOS 11.3. For tvOS versions prior to 18.3, update to tvOS 18.3.

**Name of the Vulnerable Software and Affected Versions** WebAssembly version 1.0.29 **Description** A segmentation fault was discovered in WebAssembly via the component wabt::Decompiler::WrapChild. **Recommendations** For version 1.0.29, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WebAssembly version 1.0.29 **Description** A heap overflow issue was discovered in WebAssembly via the wabt::Node::operator() component. **Recommendations** For version 1.0.29, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WebAssembly version 1.0.29 **Description** The issue is related to an abort in `CWriter::MangleType()`. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For WebAssembly version 1.0.29, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebAssembly version 1.0.29 **Description** A segmentation fault was discovered in WebAssembly via the component wabt::cat compute size. **Recommendations** For version 1.0.29, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** radare2 version 5.8.3 **Description** A segmentation fault was discovered in radare2 via the component wasm dis at p/wasm/wasm.c. **Recommendations** For radare2 version 5.8.3, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Nginx NJS versions 0.7.2 through 0.7.4 **Description** The issue is related to a segmentation violation via the `njs scope valid value` function at `njs scope.h`. This could potentially allow a remote attacker to cause a denial of service. The vendor disputes the significance of this report, stating that NJS does not operate on untrusted input. **Recommendations** For Nginx NJS versions 0.7.2 through 0.7.4, consider disabling the `njs scope valid value` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wasm-interp version 1.0.29 **Description** The issue is related to an out-of-bounds read in the `OnReturnCallExpr` component, specifically via the `GetReturnCallDropKeepCount` method. **Recommendations** For version 1.0.29, consider restricting access to the `OnReturnCallExpr` component until a patch is available. As a temporary workaround, avoid using the `GetReturnCallDropKeepCount` method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** wasm-interp version 1.0.29 **Description** A heap overflow issue was discovered in the `std::vector` component, specifically via `std::vector<wabt::Type, std::allocator<wabt::Type>>::size()` at `/bits/stl vector.h`. **Recommendations** For version 1.0.29, consider updating to a newer version that contains a fix for this issue, if available. As a temporary workaround, restrict access to the vulnerable component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** wasm-interp version 1.0.29 **Description** The issue is related to an out-of-bounds read in the `OnReturnCallIndirectExpr` component, specifically via the `GetReturnCallDropKeepCount` method. **Recommendations** For version 1.0.29, consider restricting access to the `OnReturnCallIndirectExpr` component until a patch is available. As a temporary workaround, avoid using the `GetReturnCallDropKeepCount` method in the affected component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** wasm2c version 1.0.29 **Description** An issue was discovered in wasm2c, where an abort occurs in the CWriter::Write function. **Recommendations** For version 1.0.29, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Nginx NJS version 0.7.2 **Description** The issue is related to a heap-use-after-free bug caused by an illegal memory copy in the `njs json parse iterator call` function at `njs json.c`. This bug can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Nginx NJS version 0.7.2, as a temporary workaround, consider disabling the `njs json parse iterator call` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 15.6 iOS versions prior to 15.6 iPadOS versions prior to 15.6 macOS Monterey versions prior to 12.5 **Description** A memory corruption issue was addressed with improved validation. Processing maliciously crafted web content may lead to arbitrary code execution. The issue is related to a buffer overflow in WPE WebKit and WebKitGTK modules, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For Safari versions prior to 15.6, update to Safari 15.6 to resolve the issue. For iOS versions prior to 15.6, update to iOS 15.6 to resolve the issue. For iPadOS versions prior to 15.6, update to iPadOS 15.6 to resolve the issue. For macOS Monterey versions prior to 12.5, update to macOS Monterey 12.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nginx NJS version 0.7.2 **Description** The issue is related to a segmentation violation in the `njs string offset` function at `src/njs string.c`. This can lead to an uncontrolled resource consumption. An attacker, acting remotely, may exploit this issue to elevate their privileges. **Recommendations** For Nginx NJS version 0.7.2, as a temporary workaround, consider disabling the `njs string offset` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nginx NJS version 0.7.2 **Description** The issue is related to the function `njs array convert to slow array` at `src/njs array.c` in the Nginx NJS interpreter, which can lead to uncontrolled resource consumption. This can potentially allow a remote attacker to elevate their privileges. The problem is caused by a segmentation violation in the mentioned function. **Recommendations** For Nginx NJS version 0.7.2, consider disabling the `njs array convert to slow array` function as a temporary workaround until a patch is available. Restrict access to the `njs array.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nginx NJS version 0.7.2 **Description** The issue is related to a segmentation violation via the `njs lvlhsh bucket find()` function at `njs lvlhsh.c` in the Nginx NJS interpreter. This can lead to an uncontrolled resource consumption, potentially allowing a remote attacker to cause a denial of service. **Recommendations** For Nginx NJS version 0.7.2, consider disabling the `njs lvlhsh bucket find()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moddable versions prior to 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 **Description** The issue is related to an out-of-bounds read via the `fxUint8Getter` function at `/moddable/xs/sources/xsDataView.c`. **Recommendations** For versions prior to 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45, consider disabling the `fxUint8Getter` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Nginx NJS version 0.7.2 **Description** The issue is related to a segmentation violation in the `njs vmcode interpreter` function at `src/njs vmcode.c`. This can lead to an uncontrolled resource consumption. An attacker could potentially exploit this to cause a denial of service. **Recommendations** For Nginx NJS version 0.7.2, as a temporary workaround, consider disabling the `njs vmcode interpreter` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Espruino version 2v11.251 **Description** A stack buffer overflow issue was discovered in Espruino via the `jsvNewFromString` function in `src/jsvar.c`. **Recommendations** For Espruino version 2v11.251, consider restricting the use of the `jsvNewFromString` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Espruino version 2v11 **Description** A stack buffer overflow issue was discovered in Espruino via the src/jsvar.c file, specifically in the jsvGetNextSibling function. **Recommendations** For Espruino version 2v11, consider restricting access to the jsvGetNextSibling function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.