Ryujiyasu

#17878 of 53,633
15 Total CVSS
Vulnerabilities · 2
High
2
PT-2026-35054
7.5
2026-04-24
Zserio · Zserio · CVE-2026-33524
**Name of the Vulnerable Software and Affected Versions**
Zserio versions prior to 2.18.1

**Description**
Zserio is a framework for serializing structured data in a compact and efficient way with low overhead. A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, leading to an Out of Memory (OOM) error and causing a Denial of Service by crashing the process.

**Recommendations**
Update to version 2.18.1.

PT-2026-35056
7.5
2026-04-24
Zserio · Zserio · CVE-2026-33666
**Name of the Vulnerable Software and Affected Versions**
Zserio versions prior to 2.18.1

**Description**
An issue exists in the `readBytes()` and `readString()` functions within BitStreamReader.h where the `setBitPosition()` bounds check receives an overflowed value and is bypassed. This allows the system to attempt reading 512 MB of data from a buffer that is only a few bytes long, resulting in a segmentation fault, which is a crash caused by attempting to access a memory location that the program is not allowed to access.

**Recommendations**
Update to version 2.18.1.