Van-Thuan Pham

**Name of the Vulnerable Software and Affected Versions** PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 **Description** A mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, which results in a segmentation fault and denial of service. This occurs when user-controlled input influences the encoding passed to the `mb regex encoding()` function. **Recommendations** Update to version 8.2.31 or later. Update to version 8.3.31 or later. Update to version 8.4.21 or later. Update to version 8.5.6 or later. As a temporary workaround, restrict user-controlled input from influencing the encoding passed to the `mb regex encoding()` function.

**Name of the Vulnerable Software and Affected Versions** libxml2 version 20904-GITv2.9.4-16-g0741801 **Description** The issue is related to a stack-based buffer overflow in the `xmlSnprintfElementContent` function in `valid.c`. This function is supposed to recursively dump the element content definition into a char buffer `buf` of size `size`. However, at the end of the routine, it may concatenate two more characters without checking whether the current `strlen(buf) + 2 < size`. This can cause programs that use libxml2, such as PHP, to crash. The vulnerability is associated with a buffer overflow in memory, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For libxml2 version 20904-GITv2.9.4-16-g0741801, as a temporary workaround, consider disabling the `xmlSnprintfElementContent` function until a patch is available. Restrict access to the `valid.c` module to minimize the risk of exploitation. Avoid using the `xmlSnprintfElementContent` function in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The Binary File Descriptor library is prone to a global buffer over-read error due to an incorrect assumption about the naming of SHT REL/SHR RELA sections. This issue affects programs that analyze binary programs using the library, such as objcopy and strip, causing them to crash. **Recommendations** For GNU Binutils version 2.28, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The Binary File Descriptor library is prone to an invalid read of size 4 due to NULL pointer dereferencing of ` bfd elf large com section`. This issue causes programs that analyze binary programs using the libbfd library, such as objcopy, to crash. **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version to resolve the issue, as the current version is affected by the NULL pointer dereferencing vulnerability in the ` bfd elf large com section` function.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The Binary File Descriptor (BFD) library is vulnerable due to a missing malloc() return-value check in the bfd generic get section contents function, causing an invalid write of size 8. This issue affects programs that analyze binary programs using the libbfd library, such as objcopy, leading to crashes. **Recommendations** For GNU Binutils version 2.28, consider applying a patch that adds a malloc() return-value check to the bfd generic get section contents function to prevent invalid writes and subsequent crashes.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The Binary File Descriptor library is susceptible to an invalid read due to inadequate reloc offset range tests, which failed to account for small negative offsets. This issue can cause programs utilizing the library, such as objdump, to crash when analyzing binary programs. **Recommendations** For GNU Binutils version 2.28, update to a version that includes the fix for the invalid read issue in the Binary File Descriptor library.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue is related to a heap-based buffer over-read in the Binary File Descriptor (BFD) library, specifically in the aout link add symbols function. This occurs due to an incomplete check for invalid string offsets while loading symbols, which can lead to a crash of the GNU linker (ld) program. **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that includes a fix for this issue, as the current version is affected by the heap-based buffer over-read. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The Binary File Descriptor library has a function in bfd/aoutx.h that is prone to an invalid read due to missing checks for unrecognized relocs, causing utilities like strip to crash. **Recommendations** For GNU Binutils version 2.28, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The Binary File Descriptor library is susceptible to an invalid read due to a missing check for null headers in the find link function. This issue can cause utilities like strip to crash. **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that includes a fix for the invalid read issue in the find link function. As a temporary workaround, restrict the use of the strip utility until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue is caused by an invalid read in the Binary File Descriptor (BFD) library due to a missing check for an invalid sh link field. This results in Binutils utilities, such as strip, crashing. **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that includes a fix for this issue, as the current version is prone to crashes due to the invalid read.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The GNU assembler in GNU Binutils is susceptible to a global buffer overflow of size 1 when trying to unget an EOF character from the input stream. This could potentially cause a program crash. **Recommendations** For GNU Binutils version 2.28, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue is related to a heap-based buffer overflow in the GNU linker (ld) when processing a malformed input script. This occurs due to the lack of '0' termination of a name field in ldlex.l, leading to a program crash. **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that addresses this issue, as the current version is affected by the heap-based buffer overflow.