Steven Van Acker

**Name of the Vulnerable Software and Affected Versions** Pound versions 1.8.2 and earlier **Description** The issue is related to a buffer overflow in the `add port` function, which can be exploited by remote attackers to execute arbitrary code via a long `Host` HTTP header. Additionally, there are multiple vulnerabilities in the Pound package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For Pound versions 1.8.2 and earlier, consider disabling the `add port` function as a temporary workaround until a patch is available. Restrict access to the Pound package to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.