Zh_Vul

**Name of the Vulnerable Software and Affected Versions** Kamailio version 5.5 **Description** A flaw exists in Kamailio 5.5 within the Grammar Rule Handler component, specifically in the `yyerror at` function located in the `src/core/cfg.y` file. This issue can lead to a null pointer dereference. Exploitation requires local access. The exploit for this issue is publicly available. The vendor was informed of the disclosure but did not provide a response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kamailio version 5.5 **Description** A security issue exists in Kamailio 5.5 related to a heap-based buffer overflow. The issue is located in the `rve destroy` function within the `src/core/rvalue.c` file of the Configuration File Handler component. Exploitation requires local access. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kamailio version 5.5 **Description** A flaw exists in Kamailio that involves a use-after-free condition. This issue is located within the Configuration File Handler component, specifically in the `sr push yy state` function of the `src/core/cfg.lex` file. The attack requires local access. The exploit for this issue is publicly available. The vendor was informed of this disclosure but did not provide a response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kamailio version 5.5 **Description** A flaw exists in Kamailio where manipulation of the `rve is constant` function within the src/core/rvalue.c file can lead to a null pointer dereference. The attack requires local access. The exploit for this issue has been published. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dnsmasq versions up to 2.73rc6 **Description** A flaw exists in dnsmasq that involves a heap-based buffer overflow. This issue is located within the Config File Handler component, specifically in the `parse hex` function of the `src/util.c` file. The issue arises from the manipulation of the `i` argument. Local access is required for exploitation. The exploit for this issue has been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** Versions prior to 2.73rc6 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dnsmasq versions up to 2.73rc6 **Description** A flaw exists in dnsmasq that involves a null pointer dereference within the `check servers` function, located in the `src/network.c` file of the Config File Handler component. This issue can be triggered through local exploitation. The exploit for this issue has been publicly released, and attempts to notify the vendor were unsuccessful. **Recommendations** Versions prior to 2.73rc6 should be used.

**Name of the Vulnerable Software and Affected Versions** dnsmasq versions prior to 2.73rc6 **Description** A flaw exists in dnsmasq related to the `parse dhcp opt` function within the Config File Handler component, specifically in the file src/option.c. Manipulation of the argument `m` can lead to a null pointer dereference. This issue can only be exploited locally. The exploit for this issue has been publicly disclosed. The vendor was informed of this disclosure but did not respond. **Recommendations** Update dnsmasq to a version newer than 2.73rc6.

**Name of the Vulnerable Software and Affected Versions** DCMTK versions up to 3.6.5 **Description** A security issue exists in DCMTK related to the `parseQuota` function within the `dcmqrscp` component. Manipulation of the `StorageQuota` argument can lead to a stack-based buffer overflow. Local access is required for exploitation, and the exploit has been publicly disclosed. **Recommendations** Upgrade to version 3.6.6 or later to address this issue.

**Name of the Vulnerable Software and Affected Versions** DCMTK versions up to 3.6.7 **Description** A flaw exists in DCMTK where manipulation of the `DcmQueryRetrieveConfig::readPeerList` function within the `/dcmqrcnf.cc` file of the `dcmqrscp` component can lead to a null pointer dereference. This issue requires local access to exploit. The exploit is publicly available. **Recommendations** Upgrade to version 3.6.8 to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** bftpd versions up to 6.2 **Description** A flaw exists in bftpd related to the `expand groups` function within the Configuration File Handler component, specifically in the file options.c. This can lead to a heap-based buffer overflow. The attack is considered highly complex and difficult to exploit, but an exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.