Yuanming Song

**Name of the Vulnerable Software and Affected Versions** Briar versions prior to 1.4.22 **Description** The issue allows attackers to cause a denial of service, resulting in repeated application crashes, by sending a series of long messages to a contact. This is achieved through the Bramble Synchronisation Protocol (BSP) in Briar. **Recommendations** For versions prior to 1.4.22, update to version 1.4.22 or later to resolve the issue. As a temporary workaround, consider restricting the length of incoming messages to prevent repeated application crashes.

**Name of the Vulnerable Software and Affected Versions** Briar versions prior to 1.4.22 **Description** The issue allows attackers to spoof other users' messages in a blog, forum, or private group. However, each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one. **Recommendations** For versions prior to 1.4.22, update to version 1.4.22 or later to resolve the issue. As a temporary workaround, consider implementing additional message validation to detect and prevent spoofed messages. Restrict access to sensitive areas of the blog, forum, or private group to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Briar versions prior to 1.5.3 **Description** The issue affects the Bramble Handshake Protocol (BHP) in Briar, allowing eavesdroppers to decrypt network traffic between two accounts if they later compromise both accounts. However, the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol. **Recommendations** For versions prior to 1.5.3, update to version 1.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.