Xiangwei Zhang

**Name of the Vulnerable Software and Affected Versions** Suricata versions prior to 8.0.3 Suricata versions prior to 7.0.14 **Description** Suricata is a network IDS, IPS and NSM engine. Crafted DCERPC traffic can cause Suricata to expand a buffer without limits, leading to memory exhaustion and process termination. While initially reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB are also affected. DCERPC/TCP in the default configuration should not be vulnerable as the default stream depth is limited to 1MiB. **Recommendations** For Suricata versions prior to 8.0.3, apply the patch available in version 8.0.3. For Suricata versions prior to 7.0.14, apply the patch available in version 7.0.14. For DCERPC/UDP, disable the parser. For DCERPC/TCP, limit the `stream.reassembly.depth` setting. For DCERPC/SMB, limit the `stream.reassembly.depth` setting, noting that this may lead to loss of visibility in SMB.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 136 Firefox ESR versions prior to 115.21 Firefox ESR versions prior to 128.8 **Description** The issue arises when the JIT compiles WASM i32 return values on 64-bit CPUs, potentially picking up bits from leftover memory. This can cause the values to be treated as a different type. **Recommendations** For Firefox versions prior to 136, update to version 136 or later. For Firefox ESR versions prior to 115.21, update to version 115.21 or later. For Firefox ESR versions prior to 128.8, update to version 128.8 or later.

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 11.2 visionOS versions prior to 2.2 tvOS versions prior to 18.2 macOS Sequoia versions prior to 15.2 Safari versions prior to 18.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 Description: The issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to an unexpected process crash. Recommendations: For watchOS versions prior to 11.2, update to watchOS 11.2 or later. For visionOS versions prior to 2.2, update to visionOS 2.2 or later. For tvOS versions prior to 18.2, update to tvOS 18.2 or later. For macOS Sequoia versions prior to 15.2, update to macOS Sequoia 15.2 or later. For Safari versions prior to 18.2, update to Safari 18.2 or later. For iOS versions prior to 18.2, update to iOS 18.2 or later. For iPadOS versions prior to 18.2, update to iPadOS 18.2 or later.