Vlad Tsyrklevich

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** An issue was discovered in macOS that involves the Kernel component, allowing attackers to bypass intended memory-read restrictions via a crafted app. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** An issue was discovered in macOS that involves the Kernel component, allowing attackers to bypass intended memory-read restrictions via a crafted app. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** An issue was discovered that involves the Kernel component, allowing attackers to bypass intended memory-read restrictions via a crafted app. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** An issue was discovered in macOS that involves the Kernel component, allowing attackers to bypass intended memory-read restrictions via a crafted app. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.8.12 **Description** The issue is related to the misuse of the kzalloc function in the Linux kernel, which can be exploited by local users to cause a denial of service or have other unspecified impacts. This can be achieved by leveraging access to a vfio PCI device file. **Recommendations** For Linux kernel versions prior to 4.8.12, update to version 4.8.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 4.8.11 **Description** The issue allows local users to bypass integer overflow checks, potentially causing a denial of service (memory corruption) or having unspecified other impact. This is achieved by leveraging access to a vfio PCI device file for a VFIO DEVICE SET IRQS ioctl call, which is described as a state machine confusion bug. **Recommendations** For Linux kernel versions through 4.8.11, update to a version later than 4.8.11 to resolve the issue. As a temporary workaround, consider restricting access to vfio PCI device files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.12.x through 1.12.4 **Description** The issue is related to the dissect lbmr pser function in the LBMR dissector, which does not properly track the current offset. This allows remote attackers to cause a denial of service, specifically an infinite loop, via a crafted packet. **Recommendations** For Wireshark versions 1.12.x through 1.12.4, update to version 1.12.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.12.x through 1.12.4 **Description** The issue allows remote attackers to cause a denial of service, specifically an infinite loop, by sending a crafted packet. This is due to the dissect lbmr pser function in the LBMR dissector not properly handling a zero length. **Recommendations** For Wireshark versions 1.12.x through 1.12.4, update to version 1.12.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the LBMR dissector until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.10.x through 1.10.12 Wireshark versions 1.12.x through 1.12.3 **Description** The issue is related to an integer overflow in the `dissect tnef` function, which can cause a denial of service due to an infinite loop. This occurs when a remote attacker sends a crafted packet with a manipulated length field. **Recommendations** For Wireshark versions 1.10.x through 1.10.12, update to version 1.10.13 or later. For Wireshark versions 1.12.x through 1.12.3, update to version 1.12.4 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.12.x through 1.12.3 **Description** The issue is related to an integer overflow in the dissect osd2 cdb continuation function in the SCSI OSD dissector. This allows remote attackers to cause a denial of service, resulting in an infinite loop, by sending a crafted packet with a malicious length field. **Recommendations** For Wireshark versions 1.12.x through 1.12.3, update to version 1.12.4 or later to resolve the issue.