** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in nikooo777 ckSurf up to 1.19.2. It has been declared as problematic. This vulnerability affects the function SpecListMenuDead of the file csgo/addons/sourcemod/scripting/ckSurf/misc.sp of the component Spectator List Name Handler. The manipulation of the argument cleanName leads to denial of service. Upgrading to version 1.21.0 is able to address this issue. The name of the patch is fd6318d99083a06363091441a0614bd2f21068e6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-238156. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2017-20186

IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  240905.

  

**Summary**

IBM Security Guardium has addressed these vulnerabilities.

**Vulnerability Details**

**CVEID:**   CVE-2022-43909  
**DESCRIPTION:**   IBM Security Guardium is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  
CVSS Base score: 4.6  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240905 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

**CVEID:**   CVE-2022-21426  
**DESCRIPTION:**   An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224714 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2022-43907  
**DESCRIPTION:**   IBM Security Guardium could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.  
CVSS Base score: 7.2  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240901 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2023-21830  
**DESCRIPTION:**   An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245038 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2023-21843  
**DESCRIPTION:**   An unspecified vulnerability in Java SE related to the Sound component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.  
CVSS Base score: 3.7  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245037 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

**Affected Products and Versions**

**Affected Product(s)**

**Version(s)**

IBM Security Guardium

11.4

**Remediation/Fixes**

**IBM encourages customers to update their systems promptly.**

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo, Geoffrey Owden, and Ben Goodspeed from the IBM Security Ethical Hacking Team., John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, T

**Change History**

23 Aug 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"11.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}\]

CVE-2022-43909: IBM Security Guardium is affected by multiple vulnerabilities

Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.

**Find out whether your website is down**

Our free reachability tool gives you immediate insight into the availability of your website. All you have to do is enter the URL you would like to check. Our tool then tests your website to see whether visitors can easily access it.

**Identify what is causing the problem**

The results are displayed immediately. They help you verify whether your website is accessible, and if not - what is causing the problem.

*   You receive a status code and explanation (for example: ‘Everything is OK. HTTP 200’).
*   The results will also show you the response time, which is how long it took your website to respond (for example: ‘response time : 166.40223400000002 ms’).
*   We automatically check whether your connection is secure (for example: ‘SSL certificate is valid’).

These details help you understand whether issues are being caused by your server, a failing security certificate or something else entirely.

**How to interpret the HTTP status code**

When there is an issue with your website, the HTTP status code will help you understand what is going on. It is impossible to list all HTTP status codes here, but we can help you interpret the main ones.

Every status code belongs to one of five categories.

*   The ones that start with 1 are informative.
*   Status codes that begin with 2 indicate that there was no problem reaching the server. (That is why the ideal status code is 200).
*   An HTTP status code that starts with 3 indicates a redirection. For example, if you want to redirect visitors of your old web domain to the new one automatically. If that redirection is not working correctly, you will get an HTTP 3 status code.
*   The 400 range usually means that something went wrong processing the request. The most famous one is the 404-Not Found status code, which indicates that the page you are trying to find does not exist.
*   A status code that starts with a 5 is a server\-related error.

Need more help interpreting your HTTP status code? We collected a list of most common error HTTP status codes in our How-To section.

**What if the tool says that your connection is not secure?**

The connection between your web server and your web browser should be encrypted for security reasons. If you comply with this requirement, an HTTPS certificate (also called an SSL certificate) is attached to the domain to let visitors know that the connection is secure. But just like any certificate, an SSL certificate has an expiration date. If the reachability tool tells you that your connection is not secure or that you have HTTP issues, you should verify the validity and status of your HTTPS certificate.

Want to know more about HTTPS/SSL? Read about it in our blog.

**What if the tool confirms that your website _is_ down?**

If the reachability tool confirms that your website is down and returns an error code, there are some steps you can take:

*   Check the website of your>hosting company. If their website is not loading, the issue might be on their end. Their power might be down, or their network is having problems.
*   Check their status page if they have one. If they are having issues, this is the page where they will publish all the updates.

**What if the tool claims that your website _is not_ down?**

What if a site is down for you but not for our tool? Then the problem is local and probably not all users are affected. This knowledge helps you narrow down the cause:

*   Maybe your device is not working properly or there is something going on with your settings.
*   Try restarting your computer.
*   Try a different browser.
*   Open the URL on a different device, for example, your smartphone instead of your laptop.
*   Use a different network, like your mobile network (3G/LTE) or a different Wi-Fi network.

Need more detailed instructions? We created an easy checklist to help you figure out your next move.

**Why we check the availability from multiple locations**

Our reachability tool checks the availability of your website from 4 different locations: New York, San Francisco, Frankfurt and Amsterdam. Testing from multiple locations is important because your site might be fast on one side of the world, but slow or offline somewhere else. For example, your website might be hosted on multiple servers on different locations through a geo-optimised CDN. Then the content will run on the server location that is closest to the end user, to give your users the best possible experience. A different server means a different connection and possibly a different status code. By testing your website via multiple locations, we check the reachability on all the servers.

**Why checking once is not enough**

This free reachability tool is an excellent way to get a quick answer to the question 'Is my website down right now?' But in reality, you want to know the status of your website all the time. That is where Semonto comes in. Semonto is a monitoring tool that watches your website 24/7 and notifies you immediately of any issues. This way, you can fix them before anyone notices. Why not try it for yourself? We have a 14-day free trial period. No credit card required. Get started for free.

CVE-2023-41121: Free Website Reachability Check | Semonto

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.


**CVE-2023-2906: Wireshark CP2179 Parsing Divide By Zero DoS**

AHA! has discovered a deinal-of-service issue with \[Wireshark\] from The Wireshark Foundation, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy today, on Thursday, August 24, 2023. CVE-2023-2906 has been assigned to this issue.

Any questions about this disclosure should be directed to **\[email protected\]**.

**Executive Summary**

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. CVE-2023-2906 appears to be an instance of \[CWE-369\]. Note that, according to the patch notes, this effect can only be achieved when a user triggers the vulnerable code patch with the “Decode As…” functionality of Wireshark (or the -d option for tshark), so this vulnerability is unlikely to be triggerable in an automated way.

**Technical Details**

As can be seen in the below code from the dissect_response_frame function which handles parsing the different types of response frames as part of the SCADA protocol, PG&E 2179 Protocol.

When parsing a TIMETAG_INFO_RESPONSE message, a call is made to the Wireshark function tvb_get_guint8() (on line 723) which retrieves an 8 bit value from the pcap file. If a 0 value is provided within the TIMETAG_INFO_RESPONSE message for the value, a divide by zero error occurs (on line 724).

The relevant code snippet from epan/dissectors/packet-cp2179.c is:

     718                 case TIMETAG_INFO_RESPONSE:
     719                 {
     720                     proto_tree_add_item(cp2179_proto_tree, hf_cp2179_timetag_moredata, tvb, offset, 1, ENC_LITTLE_ENDIAN);
     721                     proto_tree_add_item(cp2179_proto_tree, hf_cp2179_timetag_numsets, tvb, offset, 1, ENC_LITTLE_ENDIAN);
     722 
     723                     num_records = tvb_get_guint8(tvb, offset) & 0x7F;
     724                     recordsize = (numberofcharacters-1) / num_records;
     725                     num_values = (recordsize-6) / 2;      /* Determine how many 16-bit analog values are present in each event record */
     726 
     727                     offset += 1;
    

**Payload**

A base64-encoded blob containing the pcap needed to trigger the vulnerability is provided below:

    1MOyoQIABAAAAAAAAAAAAP9/AAD6AAAAAAAAAAAAAAAMAAAADAAAAAMAAAADAAAAAAAAAAAAAAAA
    AAAAFAAAABQAAAABAAAAAQAAAAEAAAD5/wAAAAAAAAAAAAAAAAAADAAAAAwAAAADAAAAAwAAAAMA
    AAAAAAAAAAAAAAwAAAAMAAAAAwAAAAMAAAAAAAAAAAAAAAAAAAAVAAAAFQAAAAMAAAADAAAAAgAA
    APn/BACAAAAAAAAAAAAAAAAADAAAAAwAAAADAAAAAwAAAAQAAAA=
    

**Attacker Value**

By providing this poisoned set of packets, an attacker could crash the application (Wireshark, tshark, or possibly a custom application utilizing libwireshark) preventing further analysis. Many security appliances capture packets as a matter of course for later analysis, and Wireshark is a common tool used by incident responders. This leads to situations where a specially crafted packet could be used to prevent best incident response practices from taking place.

**Credit**

This issue is being disclosed through the AHA! CNA and is credited to: zenofex and WanderingGlitch

**Timeline**

*   2023-05-23 (Thu): Initial findings presented at AHA! Meeting 0x00c8
*   2023-07-08 (Sat): PoC validated and this disclosure drafted.
*   2023-07-17 (Mon): Disclosed to the vendor via email at \[email protected\] (per the vendor website).
*   2023-07-23 (Sun): Vendor acknowledged the vulnerability in issue 19229.
*   2023-08-23 (Wed): Vendor released fixed version 4.0.8.
*   2023-08-24 (Thu): Public disclosure of CVE-2023-2906.

CVE-2023-2906: CVE-2023-2906 • Austin Hackers Academy

An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component.

**NULL Pointer De-reference**

A null-pointer de-reference in trustedGenerateEcdsaKey. The global variable curve could be null if trustedGenerateEcdsaKey was called before trustedEnclaveInit

**Heap OOB**

Ecall trustedBlsSignMessage uses a macro to log messages. However, the size of max buffer length does not match.

From the EDL file, the length of err_string is 256.

    /* EDL Def. */
    #define TINY_BUF_SIZE 256
    public void trustedBlsSignMessage (
                            [out] int *errStatus,
                            [out, count = TINY_BUF_SIZE] char* err_string,
                            [in, count = TINY_BUF_SIZE] uint8_t* encrypted_key,
                            uint64_t enc_len,
                            [in, string] char* hashX ,
                            [in, string] char* hashY,
                            [out, count = SMALL_BUF_SIZE] char* signature);
    

The SGXSDK's TBridge will malloc 256bytes for _in_err_string.

    /* Generated tbridge */
    /* sgxwallet/secure_enclave/secure_enclave_t.c */
    static sgx_status_t SGX_CDECL sgx_trustedBlsSignMessage(void* pms)
    {
        ... 
    
        if (_tmp_err_string != NULL && _len_err_string != 0) {
            if ( _len_err_string % sizeof(*_tmp_err_string) != 0)
            {
                status = SGX_ERROR_INVALID_PARAMETER;
                goto err;
            }
            /* _len_err_string is 256 here  */
            if ((_in_err_string = (char*)malloc(_len_err_string)) == NULL) {
                status = SGX_ERROR_OUT_OF_MEMORY;
                goto err;
            }
    
            memset((void*)_in_err_string, 0, _len_err_string);
        }
    

However, in the CHECK_STATUS macro, the errString is used but the BUF_LEN is 1024, which is defined in here.

    #define CHECK_STATUS(__ERRMESSAGE__) if (status != SGX_SUCCESS) { \
    LOG_ERROR(__FUNCTION__); \
    snprintf(errString, BUF_LEN, "failed with status %d : %s",  status,  __ERRMESSAGE__); \
    LOG_ERROR(errString); \
    *errStatus = status; \
    goto clean; \
    };
    

If the length of error message is larger than 256, it may lead to overflow.

CVE-2023-36199: Two bugs on SGXWallet · Issue #419 · skalenetwork/sgxwallet

Ubuntu Security Notice 6307-1 - It was discovered that JOSE for C/C++ AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. An attacker could use this to cause a denial of service or might expose sensitive information.

=========================================================================  
Ubuntu Security Notice USN-6307-1  
August 24, 2023

cjose vulnerability  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

JOSE for C/C++ could be made to crash if it received specially crafted input.

Software Description:  
- cjose: C library implementing the JOSE standard (development files)

Details:

It was discovered that JOSE for C/C++ AES GCM decryption routine incorrectly  
uses the Tag length from the actual Authentication Tag provided in the JWE.  
An attacker could use this to cause a denial of service (system crash) or  
might expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  libcjose0                       0.6.2.1-1ubuntu0.1

Ubuntu 22.04 LTS:  
  libcjose0                       0.6.1+dfsg1-3ubuntu1.1

Ubuntu 20.04 LTS:  
  libcjose0                       0.6.1+dfsg1-1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  libcjose0                       0.6.0+dfsg1-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6307-1  
  CVE-2023-37464

Package Information:  
  https://launchpad.net/ubuntu/+source/cjose/0.6.2.1-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/cjose/0.6.1+dfsg1-3ubuntu1.1  
  https://launchpad.net/ubuntu/+source/cjose/0.6.1+dfsg1-1ubuntu0.1

Ubuntu Security Notice USN-6307-1

Ubuntu Security Notice 6306-1 - It was discovered that Fast DDS incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service and information exposure. This issue only affected Ubuntu 22.04 LTS. It was discovered that Fast DDS incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash.

    ==========================================================================Ubuntu Security Notice USN-6306-1August 24, 2023fastdds vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.04 LTS (Available with Ubuntu Pro)Summary:Fast DDS could be made to crash or expose sensitive information if itreceived specially crafted input.Software Description:- fastdds: eProsima FastDDS Discovery Server and ToolsDetails:It was discovered that Fast DDS incorrectly handled certain inputs.A remote attacker could possibly use this issue to cause a denial ofservice and information exposure. This issue only affected Ubuntu22.04 LTS. (CVE-2021-38425)It was discovered that Fast DDS incorrectly handled certain inputs.An attacker could possibly use this issue to cause a crash.(CVE-2023-39534, CVE-2023-39945, CVE-2023-39946, CVE-2023-39947,CVE-2023-39948, CVE-2023-39949)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   fastdds-tools                   2.9.1+ds-1ubuntu0.1   libfastrtps2.9                  2.9.1+ds-1ubuntu0.1Ubuntu 22.04 LTS (Available with Ubuntu Pro):   fastdds-tools                   2.5.0+ds-3ubuntu0.1~esm1   libfastrtps2.5                  2.5.0+ds-3ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6306-1   CVE-2021-38425, CVE-2023-39534, CVE-2023-39945, CVE-2023-39946,   CVE-2023-39947, CVE-2023-39948, CVE-2023-39949Package Information:   https://launchpad.net/ubuntu/+source/fastdds/2.9.1+ds-1ubuntu0.1

Ubuntu Security Notice USN-6306-1

Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-40915: IoT_vuln/Tenda/AX3/form_fast_setting_wifi_set.md at main · Korey0sh1/IoT_vuln

giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.

Notify CVE about a publication

\[CVE ID\]

CVE-2023-39741

\[Vulnerability Type\]

\> Buffer Overflow

\>

\> ------------------------------------------

\>

\> \[Vendor of Product\]

\> the development group

\>

\> ------------------------------------------

\>

\> \[Affected Product Code Base\]

\> lrzip - 0.651

\>

\> ------------------------------------------

\>

\> \[Affected Component\]

\> lrzip 0.651

\>

\> ------------------------------------------

\>

\> \[Impact Denial of Service\]

\> true

\>

\> ------------------------------------------

\>

\> \[Attack Vectors\]

\> a crafted file

\> \[Suggested description\]

\>lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp.

This vulnerability allows attackers to cause a Denial of Service (DoS)> via a crafted file.

\>\[CVE ID\]

\>CVE-2023-39742

\> ------------------------------------------

\>

\> \[Vulnerability Type\]

\> Buffer Overflow

\>

\> ------------------------------------------

\>

\> \[Vendor of Product\]

\> the development group

\>

\> ------------------------------------------

\>

\> \[Affected Product Code Base\]

\> giflib - 5.2.1

\>

\> ------------------------------------------

\>

\> \[Affected Component\]

\> giflib

\>

\> ------------------------------------------

\>

\> \[Attack Type\]

\> Local

\>

\> ------------------------------------------

\>

\> \[Impact Denial of Service\]

\> true

\>

\> ------------------------------------------

\>

\> \[Attack Vectors\]

\> invalid args

\>

\> ------------------------------------------

\>

\> \[Reference\]

\> https://sourceforge.net/p/giflib/bugs/166/

\>

\> ------------------------------------------

\> \[Suggested description\]

\> giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.

\>

\[CVE ID\]

CVE-2023-39743

\> ------------------------------------------

\>

\> \[VulnerabilityType Other\]

\> Access Violation

\>

\> ------------------------------------------

\>

\> \[Vendor of Product\]

\> the development group

\>

\> ------------------------------------------

\>

\> \[Affected Product Code Base\]

\> lrzip-next - LZMA 23.01

\>

\> ------------------------------------------

\>

\> \[Affected Component\]

\> lrzip-next

\>

\> ------------------------------------------

\>

\> \[Impact Denial of Service\]

\> true

\>

\> ------------------------------------------

\>

\> \[Attack Vectors\]

\> a crafted lrz file

\>

\> ------------------------------------------

\>

\> \[Reference\]

\> https://github.com/huanglei3/lrzip-next-poc/tree/main

\> https://github.com/pete4abw/lrzip-next/issues/132

\>

\> ------------------------------------------

\> \[Suggested description\]

\> lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3\_decode\_block src/libbz3.c.

CVE-2023-39742: Notify CVE about a publication

AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets.

AdGuard DNS versions

2.2.1

Aug 7, 2023

In this update, we have improved the DNS server performance, fixed a few issues, and released a new authorization service that will allow users to access their personal account quicker.

Changelog

Performance

The number of AdGuard DNS users is growing at an enormous rate, and the total number of requests per second has closely approached 2 million. Meanwhile, over 90% of these requests come to us through encrypted DNS protocols (DoT, DoH, DoQ, DNSCrypt). Therefore, in this release, we focused on improving the DNS server’s performance and achieved great success. We can now handle an astronomical number of requests with reasonable server power.

Features

Added Czech and Slovak languages

Improved readability of highlighted text in dark theme #617

Full DNS address now displayed when setting up a device in a mobile browser #625

Fixes

Misalignment of columns when the “Device not connected” indicator dot appears #575

AdGuard verification code auto-fill issue with two-factor authentication enabled in Safari #314

Email address auto-fill bug on the login page in Safari #319

Incorrect functioning of the $dnsrewrite modifier

2.2

Apr 24, 2023

The highlight of this release is the ability to customize the Team subscription — now you can choose the number of devices, servers, and monthly requests you want before purchasing it. Also, we've added the option to select a response code for blocked requests and, of course, fixed some bugs.

Changelog

Features

Added the ability to customize the Team subscription

Added more information about monthly traffic update #490

Added the option to select a response code for blocked requests

Added AdGuard DNS blog

Updated Linked IP block design

Updated translations #570

Fixes

In the mobile version of Safari, the filtering log automatically reverts to its default state after scrolling

Problem with statistics and log retention settings #472

EDNS Client Subnet could not be disabled #542

Error condition is not reset when the type of line to be added is changed #563

Slashes are not saved in the comments of the user rules editor #576

Real-time query log updates don't retain filter changes #460

Fixed an issue that allowed a DoS attack against the service using malformed UDP packets

2.1.6

Mar 1, 2023

Minor bugs should be tackled before they build up and affect the performance of AdGuard DNS. We aim to release patches in a timely fashion, and here's another one.

Changelog

Fixed

Can't reach the 'Try AdGuard DNS' button in Safari on iOS #436

The settings of the selected server are reset after refreshing the page

The domain is not found in the search field if it was copy-pasted #530

Changed the hint text for clearing device logs/statistics #536

Added

Default TTL hint #535

Ability to customize which response will be used for a blocked domain

Option to block Mozilla canary domain

2.1.5

Feb 2, 2023

In this patch we've fixed several bugs — now AdGuard DNS runs better.

Changelog

Fixed

Spikes on the stat graph

Incorrect triggering of the device limit

Resetting statistics does not occur in all filter sections

Unable to log in to account via Apple ID if 2FA is enabled

Top blocked domains and top requested domains values in mobile version are mixed up #482

Resetting filters in filtering log does not clear domain search field #524

2.1.4

Dec 29, 2022

This patch is a little New Year’s present for you. We’ve significantly improved the performance of our DNS servers, added instructions for connecting AdGuard DNS to AdGuard VPN and AdGuard Browser extension, and fixed minor bugs.

2.1.3

Dec 7, 2022

Now it’s possible to connect an Android or iOS device with AdGuard VPN to AdGuard DNS via email. To do so:

Open the AdGuard DNS dashboard and tap the Connect new device button,

Choose Android or iOS and enter your device’s name,

Tap Next and then Send link by email,

Enter the email address you want to send the link to and click Send,

​​Open the email on the device you want to connect to AdGuard DNS and tap the Connect device button.

For this release we’ve also expanded the list of used filters, made some UI enhancements, fixed a few bugs, and added Vietnamese localization.

Added

Option to connect AdGuard DNS in the AdGuard VPN app by sending a configuration email

Vietnamese language support

Added filters

1Hosts (mini)

HaGeZi Personal Black & White

HUN: Hufilter

LIT: EasyList Lithuania

No Google

Fixed

AdGuard DNS homepage doesn’t load when iCloud+ Private Relay is enabled

2.1.2

Nov 22, 2022

In AdGuard DNS v2.1.2 we’ve enhanced the dashboard interface, added a server in Johannesburg and an option to disable automatic filtering log updates. Also, we’ve fixed some bugs so it will no longer be a problem to rename the device or understand the statistical report.

If you use AdGuard VPN for Android or iOS, you can easily add an encrypted DNS to your device. Just follow our instructions when adding a new device.

Added

Option to disable automatic filtering log updates #264

Johannesburg server

Turkish language support

Fixed

Flags were displayed incorrectly in the Traffic Direction section#428

Blank space in the Connection check section #431

Text started to glitch when renaming a device #354

Incorrect dates in the weekly stats report

2.1.1

Oct 25, 2022

This hotfix is intended to correct minor errors and add two localizations as a bonus.

Changelog

\[Enhancement\] Added translation of the dashboard and login page into Portuguese and Portuguese Brazilian

\[Fixed\] Incorrect time of latest device activity #427

\[Fixed\] Incorrect VPN subscription status #352

\[Fixed\] Refreshing the Device settings page redirects back to server settings #430

2.1

Oct 20, 2022

AdGuard DNS now supports DNS-over-HTTP/3 in experimental mode. It was a challenge, but we made it. For now only AdGuard Home and dnsproxy fully support DNS-over-HTTP/3, but soon DoH3 will appear in other AdGuard products. However, we focus on DNS-over-QUIC and consider it more advanced, but we strive to support the other protocols too, and DoH3 is a proof of that.

Another good news is that we will email AdGuard DNS users weekly and monthly reports with stats on requests, devices, and companies, which is convenient and visual. If there are too many reports, you can unsubscribe at any time.

Changelog

\[Enhancement\] Added the Apply button that appears after changing the server name

\[Enhancement\] Query log data cutoff in desktop mode #366

\[Enhancement\] Query log page numbers move when a new page is opened #368

\[Fixed\] Switching from 90 days to anything less causes dates to overlap #323

\[Fixed\] Text is cut off for the last domain in Top domains #339

\[Fixed\] Dates are cut off on the left and right side of the chart (mobile version of the website) #341

\[Fixed\] Misleading subscription status (from AdGuard VPN) #352

\[Fixed\] Wrong status of applied unblocking rules #361

\[Fixed\] The "Refresh" button on the homepage does not override the number of requests

\[Fixed\] Query log data is cut off (desktop version of the website) #366

\[Fixed\] Limit triggering in Enterprise plan

\[Fixed\] Can't scroll to account settings on Safari for macOS #353

\[Fixed\] In some cases the statistics were counted incorrectly

\[Fixed\] Top Destinations stats overlap when set to 90 days #326

2.0.1

Sep 7, 2022

It's been two weeks since the release of AdGuard DNS 2.0, but there's still a pleasant aftertaste. We've been painstakingly working on this product to give you a reliable and convenient tool to control your online traffic. And we succeeded.

Still, small bugs had crept into the release. That's why we're publishing a patch today: so you can enjoy the service, and we can move on to some bigger tasks with peace of mind.

Changelog

\[Enhancement\] Added search to the DNS knowledge base

\[Enhancement\] Updated link for Contact Us button on purchase page

\[Enhancement\] Improved the Traffic Destinations page

\[Enhancement\] Add an option to use add-cpe-id in Dnsmasq to identify the device

\[Fixed\] Disabling logs disables tariff statistics

\[Fixed\] Numbers in Japanese, Korean, Chinese are displayed incorrectly

2.0

Aug 18, 2022

The beta testing phase is finally over! From now on the new level of traffic control is available for you. With AdGuard DNS 2.0 you can:

Flexibly configure domain blocking via blocklists, query log and user rules;  

See real-time requests statistics from all connected devices;  

Enable and set up Parental control;  

Learn more about all the changes and improvements of AdGuard DNS 2.0 in our blog.

0.6

Jul 29, 2022

Check out the sixth beta version of AdGuard DNS (and hopefully the final one before the release). In it we’ve improved the dark theme: updated the map styles and QR-code, so that everything could be easily read and scanned. And, of course, we fixed some minor bugs. The private AdGuard DNS now runs smoother!

Changelog

\[Enhancement\] Updated map styles in the dark theme

\[Enhancement\] Added an option to disable iCloud Private Relay

\[Fixed\] QR code is not scanned in the dark theme

\[Fixed\] Autofill doesn’t work in Safari on macOS and iOS

\[Fixed\] Minor bug fixes in desktop и mobile versions

0.5

Jul 13, 2022

There are five fingers in a hand, five oceans on Earth, and five betas of the private AdGuard DNS. Today we're releasing the fifth beta of our DNS and we hope you'll rate it 5/5!

In this version we’ve implemented support for DDR (Discovery of Designated Resolvers) by the latest draft of the new standard. With this feature, an encrypted connection to the DNS server will be set up automatically on devices with DDR support, provided the device previously knew the server address. A computer or smartphone will send a request to the known address and receive all the necessary information to establish a secure connection.

DDR support appeared in Windows 11 Insider Preview Build 22489, which means that the feature will get into the release version after a while. When this happens, Windows and AdGuard DNS users will be automatically reconnected to encrypted DNS servers – public or private, depending on the services selected earlier.

We’ve also improved ECS (EDNS Client Subnet) implemented in the third beta. Servers now respond with more precise IP addresses that better match your location. Furthermore, we are continuing to refine the open AdGuard DNS API, and now there are methods for getting statistics. All documentation is available at Knowledge Base.

We’ve fixed some bugs and worked on the interface: authorization via Apple ID now works properly, the dark theme has become really dark, and the Query log is prettier than ever. French, Italian, Chinese, Japanese, and Korean were added to the dashboard, and we are committed to continue localizing the private AdGuard DNS, making it accessible to users from all over the world!

Changelog

\[Enhancement\] Added support for DDR (Discovery of Designated Resolvers)

\[Enhancement\] Statistic retrieval methods were added to the API

\[Enhancement\] Added an option to change subscription type

\[Enhancement\] Added an option to extend subscription

\[Enhancement\] Added support for Chinese, Japanese, Korean, French, and Italian

\[Enhancement\] Added the "Don’t ask again" checkbox to the system notification that appears when deleting user rules

\[Fixed\] After logging in via Apple ID the personal account opens instead of dashboard if the user has an AdGuard VPN subscription

\[Fixed\] In dark theme statistics blocks are highlighted in white

\[Fixed\] In dark theme text in some fields is grayed out

\[Fixed\] Some elements in the mobile version of the website are displayed incorrectly

0.4

Jun 21, 2022

The period of active "building" of the private AdGuard DNS is left behind, and now we're polishing the service to a shine. Just take a look at the current changelog and compare it to the one we published for the previous beta. The difference is obvious.

The fourth beta features dark theme and language selection – at the moment, the dashboard is translated into German, Spanish, and Russian. To find both options, go to Account settings. And some more good news: from now on all AdGuard VPN users with a subscription will get the Personal plan of the private AdGuard DNS for free.

We hope you’ll enjoy the new version. Use the service and leave feedback on any platform you like.

Changelog

\[Enhancement\] Added dark theme

\[Enhancement\] Added support for VPN subscriptions and information about VPN subscribers automatically getting a Personal DNS subscription

\[Enhancement\] Added German and Spanish localizations

\[Enhancement\] Improved search function in the filter section on mobile devices

\[Enhancement\] Supplemented instructions for different devices

\[Enhancement\] Added a link to DNS rules syntax in the query log dialog

\[Fixed\] The “View device settings” button doesn't work on iOS devices

\[Fixed\] The “Unable to renew subscription” popup hangs for too long

0.3.1

Jun 10, 2022

The recently released third beta of private AdGuard DNS was really good and brought a lot of useful features to users. However, as it turned out, it contained a few flaws. So that you don't have to deal with them anymore, we are releasing a patch v0.3.1 for private AdGuard DNS.

Changelog

\[Fixed\] Clicking the Block button in Query log deletes all existing user rules and replaces them with a new one #265

\[Fixed\] Unable to move devices between servers #248

\[Fixed\] Incorrect links on the "Thanks for your purchase" page

\[Fixed\] Discount promo codes do not work correctly

\[Fixed\] There is no payment button in the mobile version of the website

\[Fixed\] Incorrect designation of the number of requests in Statistics

0.3

May 26, 2022

Meet the third beta version of private AdGuard DNS! We are steadily moving towards a full-fledged product, adding new features, changing and improving UI — everything to make you really enjoy using AdGuard DNS.

The version history – in front of your eyes

First and foremost, we've added a version history page for the AdGuard DNS service. Now you can see the full list of changes, learn about new features, and see how the work on private AdGuard DNS service is progressing.

Contribute to AdGuard DNS translation

Until now, private AdGuard DNS could only be used in English: first we had to make sure everything was working as it should. With this version we've extended the geography by adding the possibility to translate the dashboard into different languages. Help us make AdGuard DNS more accessible to everyone by participating in the translations! You can find a detailed article on how to use the Crowdin platform in our Knowledge Base. And if you already know how to use it, visit the AdGuard DNS project in Crowdin. Select the Dashboard and choose the language you want, then you're ready to translate!

AdGuard DNS Knowledge Base

Subscription

We've added a paid subscription on private AdGuard DNS. Subscription is not required during beta testing, but we'd appreciate it if you'd like to support us now.

DNS filters

We've also fixed DNS filters: eliminated the bug with the /etc/hosts-style rules failing to work and added support for rules with $dnsrewrite. By the way, you can read about the DNS filtering syntax in the Knowledge Base.

ECS support

The AdGuard DNS servers now support EDNS Client Subnet (ECS).

This feature allows users to get responses corrected for the location of the DNS user. We had long been hesitating to implement it in AdGuard DNS: ECS assumes handing over an anonymized user's IP address to the name server. In this version, we've solved the problem: instead of the user's IP address, we pass another address from approximately the same location as the user's.

New blocklists

We've added a lot of new blocklists — now it's even easier to customize AdGuard DNS. And if that's not enough, you can request and add more blocklists in the GitHub repository (before you do that, read requirements for blocklists in the section “What Blocklists Can Be Added Here”).

Open API

AdGuard DNS now has an open API. If you want to integrate with AdGuard DNS, read the documentation.

UI fixes and more

We've also fixed a lot of minor bugs and added some useful features.

Test private AdGuard DNS and leave feedback on any convenient platforms — it will help us become better.

Changelog

\[Enhancement\] Improved the appearance of the multiselect (element with the ability to select multiple values, such as countries, devices)

\[Enhancement\] For the device location, the Traffic Destination section uses data from its last activity

\[Fixed\] Incorrect detection for account time zone

\[Fixed\] Statistics and logs do not get cleared when their retention period is changed

\[Fixed\] Incorrect country detection for some domains

\[Fixed\] Significant delay in clearing logs and statistics

\[Other\] Added the option "Last 7 days" to date selector

0.2

Mar 16, 2022

We’ve all been waiting for it: we're proud to present the open beta of private AdGuard DNS! From now on, anyone can set up their own DNS server.

We took the best of AdGuard DNS and AdGuard Home and designed a product that would be flexible and customizable, meet the needs of "geeks", and have a user-friendly interface. We hope we succeeded! And now let's take a closer look at the best features of private AdGuard DNS.

Block/unblock domains

With a private DNS server, it is only you who decides which domains should be blocked and which shouldn’t — on each device! Connect your computer, smartphone, tablet or router and manage their requests as desired.

Blocklists management

You can also choose which domain blocking rules should be implemented. And those who aren't satisfied with dozens of pre-installed blocklists can import and export their own custom rules.

Advanced statistics

Now you can see the full statistics of your requests: how many requests were registered, to which companies, and to which countries. Besides, you can view this information for different dates, countries, and even for different devices connected to your DNS server. And of course, block and unblock requests on the go.

Parental control

To protect your child from online content you deem inappropriate, you can use Parental control. You can activate the safe search and manually specify domains for blocking as well as set the schedule: for instance, not allow your child to watch videos during homework.

Join beta testing

To take part in beta testing go to AdGuard DNS website and press \*Join beta\*\*\*, then sign up or log into your AdGuard account. You're done! Create your own DNS server and manage your requests — you are in control.

0.1

Sep 28, 2021

Great news: AdGuard DNS is advancing to a new level. We're about to release the product that many have yearned for so long — the private AdGuard DNS!

What a public DNS server blocks cannot be changed — it only has to be taken for granted. With your own DNS server, you'll be in control of all the query statistics and be able to choose which domains you want to block. It'll allow you to add blocklists and set up Parental control. And the user-friendly interface will make it no problem to get to grips with it all.

We added a new website where you can already see what the private AdGuard DNS interface will look like, learn how to connect to the public DNS server, and subscribe to the AdGuard DNS newsletter. If you do, we'll message you at launch and keep you up-to-date with the latest AdGuard news.

Thank you for your support! Stay tuned — and in the meantime, we're working to make sure the next release is to your liking.

Tag

#dos