Stephan Zeisberg

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.2 Security Update 2019-002 Mojave (affected versions not specified) Security Update 2019-007 High Sierra (affected versions not specified) **Description** A buffer overflow issue was addressed with improved bounds checking, which could allow an attacker in a privileged position to perform a denial of service attack. **Recommendations** For macOS versions prior to 10.15.2, update to macOS Catalina 10.15.2 or later. For Security Update 2019-002 Mojave, apply Security Update 2019-002 or later. For Security Update 2019-007 High Sierra, apply Security Update 2019-007 or later.

**Name of the Vulnerable Software and Affected Versions** libreswan versions 3.27 through 3.31 **Description** An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan, where an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. This issue allows a remote attacker to cause a denial of service. **Recommendations** For libreswan versions 3.27 through 3.31, as a temporary workaround, consider restricting access to the pluto daemon to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.4 CUPS (affected versions not specified) **Description** A memory corruption issue was addressed with improved validation, which may allow an application to gain elevated privileges. The issue is related to a buffer overflow in memory, potentially allowing an attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For macOS versions prior to 10.15.4, update to macOS Catalina 10.15.4 to resolve the issue. For CUPS, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cyrus-sasl version 2.1.27 **Description** The issue is related to an out-of-bounds write that can cause an unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. This is ultimately caused by an off-by-one error in the ` sasl add string` function in `common.c` in cyrus-sasl. The vulnerability is associated with incorrect handling of an LDAP packet, which can be exploited by a remote attacker to cause a denial-of-service. **Recommendations** For cyrus-sasl version 2.1.27, consider applying a patch to fix the off-by-one error in the ` sasl add string` function to prevent the out-of-bounds write. As a temporary workaround, restrict access to the LDAP service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CUPS versions prior to the version included in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra **Description** The issue is caused by a buffer overflow in the `asn1 get packed` function of the libcups library in the CUPS print server. This can be exploited by a remote attacker to cause a denial of service. An attacker in a privileged network position may be able to execute arbitrary code due to a buffer overflow issue, which has been addressed with improved memory handling. **Recommendations** For versions prior to the fixed version, consider applying the Security Update 2019-004 to High Sierra or Sierra, or updating to macOS Mojave 10.14.6 to resolve the issue. As a temporary workaround, consider restricting access to the CUPS print server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.6 Security Update versions prior to 2019-004 for High Sierra and Sierra **Description** A buffer overflow issue was addressed with improved memory handling. An attacker in a privileged network position may be able to execute arbitrary code. The issue is related to the `asn1 get type` function in the libcups library of the CUPS print server, which can cause a stack-based buffer overflow. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For macOS versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For High Sierra and Sierra, apply Security Update 2019-004 or later. As a temporary workaround, consider restricting access to the CUPS print server until a patch is available.

Name of the Vulnerable Software and Affected Versions: fmtlib versions prior to 4.1.0 Description: The issue is related to a memory corruption problem that can cause a Denial of Service. It occurs when an invalid format specifier is used in the `fmt::print()` function, resulting in a SIGSEGV due to memory corruption. This can be exploited by specifying an invalid format specifier in the `fmt::print()` function. Recommendations: For versions prior to 4.1.0, update to version 4.1.0 or later to resolve the issue. As a temporary workaround, consider validating format specifiers before passing them to the `fmt::print()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** POCO C++ Libraries versions prior to 1.8 **Description** The issue concerns a "file path injection vulnerability" in the ZipCommon::isValidPath() function, which does not properly restrict the filename value in the ZIP header. This allows attackers to conduct absolute path traversal attacks during ZIP decompression, potentially creating or overwriting arbitrary files via a crafted ZIP file. **Recommendations** For versions prior to 1.8, update to version 1.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of ZIP files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ProFTPD versions prior to 1.3.6b ProFTPD version 1.3.7rc before 1.3.7rc2 **Description** The issue is related to the incorrect handling of overly long commands in the main.c component of the ProFTPD FTP server. This can lead to a remote unauthenticated denial-of-service, causing the server to enter an infinite loop. The vulnerability allows a remote attacker to exploit this weakness, resulting in a denial-of-service. **Recommendations** For ProFTPD versions prior to 1.3.6b, update to version 1.3.6b or later. For ProFTPD version 1.3.7rc before 1.3.7rc2, update to version 1.3.7rc2 or later.