Yeggor

**Name of the Vulnerable Software and Affected Versions** rs-stellar-strkey versions prior to 0.0.8 **Description** A panic vulnerability occurs when a specially crafted payload is used, due to an issue with the `inner payload len` variable. This variable should not be above 64. The vulnerability is caused by an overflow in the calculation of `inner payload len + (4 - inner payload len % 4) % 4`, which can happen when `inner payload len` is set to a large value, such as `0xffffffff`. **Recommendations** For versions prior to 0.0.8, update to version 0.0.8 to resolve the issue. As a temporary workaround, consider sanitizing the input payload before it is passed to the vulnerable function, ensuring that the value of `inner payload len` is not above 64.

**Name of the Vulnerable Software and Affected Versions** Rizin versions 0.5.1 and prior **Description** Rizin is a UNIX-like reverse engineering framework and command-line toolset. Converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files, for example with the `drpg` or `arpg` commands, are affected by this flaw. **Recommendations** For Rizin versions 0.5.1 and prior, as a temporary workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands. A patch for this issue is available in commit d6196703d89c84467b600ba2692534579dc25ed4.