Php · Php · CVE-2024-5585
Name of the Vulnerable Software and Affected Versions:
PHP versions 8.1.* before 8.1.29
PHP versions 8.2.* before 8.2.20
PHP versions 8.3.* before 8.3.8
Description:
The issue arises from insufficient escaping of arguments when `proc_open()` is called with array syntax on Windows, allowing a malicious user to supply arguments that execute arbitrary commands in the Windows shell. The root cause is the lack of measures to neutralize special elements used in the command. The estimated number of potentially affected devices worldwide is around 25,304,775, mainly distributed in the United States, China, and other countries.
Recommendations:
For PHP versions 8.1.* before 8.1.29, update to version 8.1.29 or later to resolve the issue.
For PHP versions 8.2.* before 8.2.20, update to version 8.2.20 or later to resolve the issue.
For PHP versions 8.3.* before 8.3.8, update to version 8.3.8 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the `proc_open()` function until the fixed release can be applied. Avoid passing untrusted input to `proc_open()` as command arguments to minimize the risk of exploitation.
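As an added illustration of the workaround (example code, not part of this advisory or of PHP itself), the guard below refuses to call `proc_open()` on a Windows host whose interpreter is older than the fixed releases listed above, and otherwise only passes arguments that match a strict allowlist, so shell metacharacters never reach the interpreter's escaping code. The function names, the allowlist pattern and the `git` invocation are assumptions chosen for the example.

```php
<?php
// Added example (not from the advisory): gating proc_open() on Windows
// while a CVE-2024-5585-affected PHP release is still in use.

/** Fixed releases per the advisory; older builds on the same branch are affected. */
const CVE_2024_5585_FIXED = ['8.1' => '8.1.29', '8.2' => '8.2.20', '8.3' => '8.3.8'];

function phpAffectedByCve20245585(string $version = PHP_VERSION): bool
{
    $branch = implode('.', array_slice(explode('.', $version), 0, 2));
    if (!isset(CVE_2024_5585_FIXED[$branch])) {
        return false; // branches the advisory does not list are not covered here
    }
    return version_compare($version, CVE_2024_5585_FIXED[$branch], '<');
}

/**
 * Run a fixed program with caller-supplied arguments. Every argument must match
 * an allowlist (assumed pattern for this example) before proc_open() is called,
 * and an unpatched Windows interpreter is refused outright.
 */
function runChecked(string $program, array $args): array
{
    foreach ($args as $arg) {
        if (!is_string($arg) || preg_match('~^[A-Za-z0-9._/:-]+$~', $arg) !== 1) {
            throw new InvalidArgumentException('argument rejected by allowlist');
        }
    }
    if (PHP_OS_FAMILY === 'Windows' && phpAffectedByCve20245585()) {
        throw new RuntimeException('PHP ' . PHP_VERSION . ' is affected by CVE-2024-5585; upgrade first');
    }
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open(array_merge([$program], $args), $spec, $pipes); // array syntax, no shell string
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return ['exit' => proc_close($proc), 'stdout' => $out, 'stderr' => $err];
}

// Constructed usage: a clean argument list passes, one containing a quote and a space is rejected
// by the allowlist before proc_open() is ever reached.
try {
    $result = runChecked('git', ['status', '--porcelain']);
    echo 'exit code: ', $result['exit'], PHP_EOL;
    runChecked('git', ['status', '--porcelain "x"']);
} catch (Exception $e) {
    echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
}
```

On a host without `git` the first call raises the `proc_open failed` RuntimeException, which the same catch block reports.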