Randomssro

#9559of 53,608
28.9Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2023-23551
7.8
2023-05-09
Catdoc · Catdoc · CVE-2023-31979
**Name of the Vulnerable Software and Affected Versions** Catdoc version 0.95 **Description** A global buffer overflow issue was discovered in Catdoc via the `process file` function at `/src/reader.c`. **Recommendations** For Catdoc version 0.95, consider disabling the `process file` function as a temporary workaround until a patch is available.
PT-2023-23553
7.8
2023-05-09
Sngrep · Sngrep · CVE-2023-31981
**Name of the Vulnerable Software and Affected Versions** Sngrep version 1.6.0 **Description** A stack buffer overflow issue was discovered in the function `packet set payload` at `/src/packet.c`. This issue affects the `packet set payload` function, which is located in the `/src/packet.c` file. **Recommendations** For Sngrep version 1.6.0, consider disabling the `packet set payload` function as a temporary workaround until a patch is available. Restrict access to the `/src/packet.c` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2023-23554
7.8
2023-05-09
Sngrep · Sngrep · CVE-2023-31982
**Name of the Vulnerable Software and Affected Versions** Sngrep version 1.6.0 **Description** A heap buffer overflow issue was discovered in the function `capture packet reasm ip` at `/src/capture.c`. This issue affects the specified version of Sngrep. **Recommendations** For Sngrep version 1.6.0, consider disabling the `capture packet reasm ip` function as a temporary workaround until a patch is available. Restrict access to the `/src/capture.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-22673
5.5
2023-04-25
Yasm · Yasm · CVE-2023-30402
**Name of the Vulnerable Software and Affected Versions** YASM version 1.3.0 **Description** A heap overflow issue was discovered in YASM via the `handle dot label` function at `/nasm/nasm-token.re`. This issue has been disputed by third parties, arguing it is a bug rather than a security issue because YASM is a standalone program not designed to run untrusted code. **Recommendations** For YASM version 1.3.0, as a temporary workaround, consider restricting the use of the `handle dot label` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.