Seong-Joong Kim

**Name of the Vulnerable Software and Affected Versions** Whoopsie versions 0.2.69 and earlier **Description** The issue is related to the `parse report()` function in whoopsie.c, which mishandles memory allocation failures. This can be exploited by an attacker to cause a denial of service via a malformed crash file. The vulnerability is also associated with unlimited resource allocation. **Recommendations** For Whoopsie versions 0.2.69 and earlier, as a temporary workaround, consider disabling the `parse report()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** whoopsie versions prior to 0.2.52.5ubuntu0.5 whoopsie versions prior to 0.2.62ubuntu0.5 whoopsie versions prior to 0.2.69ubuntu0.1 **Description** The issue is related to the `parse report()` function in the whoopsie error registration service, which can cause a denial of service due to resource exhaustion resulting from a memory leak. This can be exploited by a local attacker using a crafted file. **Recommendations** For versions prior to 0.2.52.5ubuntu0.5, update to version 0.2.52.5ubuntu0.5 or later. For versions prior to 0.2.62ubuntu0.5, update to version 0.2.62ubuntu0.5 or later. For versions prior to 0.2.69ubuntu0.1, update to version 0.2.69ubuntu0.1 or later. As a temporary workaround, consider disabling the `parse report()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** apport versions prior to 2.20.1-0ubuntu2.24 apport versions prior to 2.20.9-0ubuntu7.16 apport versions prior to 2.20.11-0ubuntu27.6 **Description** The issue is related to an unhandled exception in the `check ignored()` function in apport/report.py, which can be exploited by a local attacker to cause a denial of service. Specifically, if the `mtime` attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. **Recommendations** For versions prior to 2.20.1-0ubuntu2.24, update to version 2.20.1-0ubuntu2.24 or later. For versions prior to 2.20.9-0ubuntu7.16, update to version 2.20.9-0ubuntu7.16 or later. For versions prior to 2.20.11-0ubuntu27.6, update to version 2.20.11-0ubuntu27.6 or later. As a temporary workaround, consider disabling the `check ignored()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** bson versions prior to 0.8 **Description** The issue is caused by an integer overflow due to the incorrect use of int instead of size t for many variables, parameters, and return values in the bson package. Specifically, the `bson ensure space()` function's `bytesNeeded` parameter can be exploited via properly constructed bson input, potentially leading to a denial of service. **Recommendations** For versions prior to 0.8, update to version 0.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `bson ensure space()` function until a patch is available. Avoid using the `bytesNeeded` parameter in the affected `bson ensure space()` function until the issue is resolved.