Suidpit

**Name of the Vulnerable Software and Affected Versions** Inspektor Gadget (affected versions not specified) **Description** Inspektor Gadget has an issue where string fields from eBPF events in columns output mode are not sanitized, potentially allowing maliciously crafted event payloads from observed containers to inject ANSI escape sequences into the terminal of operators. This can lead to various effects due to the lack of sanitization of control characters. The columns output mode is the default when running Inspektor Gadget interactively. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inspektor Gadget versions prior to 0.48.1 **Description** Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The `ig` binary includes a subcommand for image building, which utilizes a `Makefile.build` file. This file incorporates user-controlled data without proper escaping, leading to a command injection issue. An attacker controlling values within the `buildOptions` structure can execute arbitrary commands during the image building process. Exploitation could occur on the Linux host where the `ig` command is executed, particularly when using the `--local` flag, or within the build container if the flag is not used. The `buildOptions` structure is derived from the YAML gadget manifest provided to the `ig image build` command, requiring control over the `build.yml` file or its options to exploit the issue. **Recommendations** Update to version 0.48.1 or later.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions prior to 3.3.3 **Description** OpenEXR is an image storage format used in the motion picture industry. Versions prior to 3.3.3 trust unvalidated dataWindow size values from file headers, potentially leading to excessive memory allocation and performance degradation when processing malicious files. **Recommendations** Update to version 3.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** MaterialX versions 1.39.2 and below **Description** MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. The MaterialX XML parsing logic can potentially crash due to stack exhaustion when parsing an MTLX file with multiple nested nodegraph implementations. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. **Recommendations** Update to version 1.39.3 or later.

**Name of the Vulnerable Software and Affected Versions** MaterialX versions prior to 1.39.3 **Description** MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses MaterialX by sending a malicious MTLX file. **Recommendations** Update to MaterialX version 1.39.3 or later.

**Name of the Vulnerable Software and Affected Versions** MaterialX version 1.39.2 **Description** MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. **Recommendations** Update to version 1.39.3 or later.

**Name of the Vulnerable Software and Affected Versions** MaterialX version 1.39.2 **Description** MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. Nested imports of MaterialX files can lead to a crash due to stack memory exhaustion. This occurs because the library lacks a limit on the depth of the "import chain" when parsing file imports, utilizing recursion without depth restrictions. Constructing a deeply nested chain of MaterialX files referencing each other can exhaust the stack memory, causing a process crash. **Recommendations** Update to version 1.39.3 or later.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions 3.3.0 through 3.3.2 **Description** OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. A heap-based buffer overflow occurs during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. **Recommendations** Update to version 3.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions prior to 3.3.3 **Description** OpenEXR, an image storage format used in the motion picture industry, contains a flaw. A heap-based buffer overflow can occur during a read operation when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk. The issue is due to bad pointer math. **Recommendations** Update to version 3.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions 3.3.2 **Description** OpenEXR is an image storage format used in the motion picture industry. A NULL pointer dereference can occur in a write operation when reading a deep scanline image with a large sample count in reduceMemory mode in version 3.3.2, potentially causing a target application to crash. **Recommendations** Update to version 3.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** Karmada versions prior to 1.12.0 **Description** Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. The system is vulnerable to a TarSlip vulnerability, which allows an attacker to write arbitrary files in arbitrary paths of the filesystem by supplying a malicious custom resource definition (CRD) file during Karmada initialization. This can be done by providing a filesystem path or an HTTP(s) URL to retrieve the CRDs needed by Karmada. The CRDs are downloaded as a gzipped tarfile, and an attacker can exploit this vulnerability to alter file paths. From Karmada version 1.12.0, CRDs archive verification is utilized to enhance file system robustness. **Recommendations** For versions prior to 1.12.0, when using `karmadactl init` to set up Karmada, manually inspect the CRD files to check for sequences such as `../` that would alter file paths, to determine if they potentially include malicious files. When using karmada-operator to set up Karmada, upgrade the karmada-operator to one of the fixed versions, which is version 1.12.0 or later.

Name of the Vulnerable Software and Affected Versions: Karmada versions prior to 1.12.0 Description: The issue is related to excessive privileges in PULL mode clusters, allowing an attacker who can authenticate as the karmada-agent to obtain administrative privileges over the entire federation system, including all registered member clusters. This can be exploited by abusing the permissions of the `karmadactl register` command. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Recommendations: For Karmada versions prior to 1.12.0, update to version 1.12.0 or later to restrict the access permissions of pull mode member clusters to control plane resources. As a temporary workaround, restrict the access permissions of pull mode member clusters to control plane resources according to Karmada Component Permissions Docs.

**Name of the Vulnerable Software and Affected Versions** Element Android versions 1.4.3 through 1.6.10 **Description** The issue allows a third-party malicious application to start any internal activity by passing some extra parameters, potentially making Element Android display an arbitrary web page, executing arbitrary JavaScript, bypassing PIN code protection, and enabling account takeover by spawning a login screen to send credentials to an arbitrary home server. **Recommendations** For Element Android versions 1.4.3 through 1.6.10, update to version 1.6.12 to resolve the issue. At the moment, there is no known workaround to mitigate the issue for these versions.

**Name of the Vulnerable Software and Affected Versions** Element Android versions 0.91.0 through 1.6.12 **Description** A third-party malicious application installed on the same phone can force Element Android to share files stored under the `files` directory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. **Recommendations** For Element Android versions 0.91.0 through 1.6.11, update to version 1.6.12 to resolve the issue. For forks of Element Android which have set `android:exported="false"` in the `AndroidManifest.xml` file for the `IncomingShareActivity` activity, no action is required as they are not impacted.