Xi Wang

**Name of the Vulnerable Software and Affected Versions** Libc in Apple Mac OS X versions prior to 10.9 **Description** The issue concerns the production of predictable values by the srandomdev function in Libc when the kernel random-number generator is unavailable. This predictability can be exploited by context-dependent attackers to defeat cryptographic protection mechanisms, leveraging their knowledge of these values. The problem is related to a compiler-optimization issue. **Recommendations** For versions prior to 10.9, update to version 10.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 versions 1.10.3 through 1.10.4 and 1.11.x through 1.11.1 **Description** The issue is related to the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5. It does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5 PADATA PK AS REQ AS-REQ request. The vulnerability can be exploited by a remote attacker who has passed the authentication procedure, potentially leading to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For versions 1.10.3 through 1.10.4, update to version 1.10.4 or later. For versions 1.11.x through 1.11.1, update to version 1.11.1 or later. As a temporary workaround, consider restricting access to the `pkinit check kdc pkid` function in the `plugins/preauth/pkinit/pkinit crypto openssl.c` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bionic (libc) for Android (affected versions not specified) **Description** The issue is related to multiple integer overflows in certain functions within Bionic (libc) for Android. Specifically, the `chk malloc`, `leak malloc`, and `leak memalign` functions in `libc/bionic/malloc debug leak.c` are affected when `libc.debug.malloc` is set. This makes it easier for attackers to perform memory-related attacks, such as buffer overflows, by providing a large size value, which results in less memory being allocated than expected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hoard versions prior to 3.9 **Description** The issue is related to multiple integer overflows in the `malloc` and `calloc` functions, which can be exploited by context-dependent attackers to perform memory-related attacks, such as buffer overflows, by providing a large size value. This causes less memory to be allocated than expected, potentially leading to security issues in implementing code. **Recommendations** For versions prior to 3.9, update to version 3.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Boost versions 1.33.1 through 1.41.0 **Description** The issue is related to an integer overflow in the ordered malloc function in boost/pool/pool.hpp in Boost Pool, which can lead to memory-related attacks such as buffer overflows via a large memory chunk size value. This can cause less memory to be allocated than expected, potentially disrupting the availability of protected information. The exploitation of this issue can be performed remotely. **Recommendations** For Boost versions 1.33.1 through 1.41.0, update to a version later than 1.41.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.