An issue in Harrison Chase langchain before version 0.0.236 and before allows a remote attacker to execute arbitrary code via the `from_math_prompt` and `from_colored_object_prompt` functions.

**LangChain vulnerable to arbitrary code execution**

Moderate severity GitHub Reviewed Published Aug 15, 2023 to the GitHub Advisory Database • Updated Aug 15, 2023

GHSA-92j5-3459-qgp4: LangChain vulnerable to arbitrary code execution

An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.

GHSA-fj32-q626-pjjc: LangChain vulnerable to arbitrary code execution

An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String).

**Alluxio vulnerable to arbitrary code execution**

Moderate severity GitHub Reviewed Published Aug 15, 2023 to the GitHub Advisory Database • Updated Aug 15, 2023

GHSA-xrrh-h86w-pwfj: Alluxio vulnerable to arbitrary code execution

An issue in pandas-ai v.0.8.1 and before allows a remote attacker to execute arbitrary code via the `_is_jailbreak` function.

**PandasAI vulnerable to arbitrary code execution**

Critical severity GitHub Reviewed Published Aug 15, 2023 to the GitHub Advisory Database • Updated Aug 15, 2023

GHSA-8fp9-43pw-56vw: PandasAI vulnerable to arbitrary code execution

An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function.

**llama-index vulnerable to arbitrary code execution**

Critical severity GitHub Reviewed Published Aug 15, 2023 to the GitHub Advisory Database • Updated Aug 15, 2023

GHSA-2xxc-73fv-36f7: llama-index vulnerable to arbitrary code execution

Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months.
"The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said.
Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and

Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months.

"The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said.

Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and Azure Blob Storage, is a data storage service for the cloud.

The development comes as the total number of cloud apps from which malware downloads originate has increased to 167, with Microsoft OneDrive, Squarespace, GitHub, SharePoint, and Weebly taking the top five spots.

The phishing campaigns identified by Netskope not only abuse Cloudflare R2 to distribute static phishing pages, but also leverage the company's Turnstile offering, a CAPTCHA replacement, to place such pages behind anti-bot barriers to evade detection.

In doing so, it prevents online scanners like urlscan.io from reaching the actual phishing site, as the CAPTCHA test results in a failure.

As an additional layer of detection evasion, the malicious sites are designed to load the content only when certain conditions are met.

"The malicious website requires a referring site to include a timestamp after a hash symbol in the URL to display the actual phishing page," Michael said. "On the other hand, the referring site requires a phishing site passed on to it as a parameter."

In the event no URL parameter is passed to the referring site, visitors are redirected to www.google\[.\]com.

The development comes a month after the cybersecurity company disclosed details of a phishing campaign that was found hosting its bogus login pages in AWS Amplify to steal users' banking and Microsoft 365 credentials, along with card payment details via Telegram's Bot API.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.

Hi, developers of faad2:  
In the test of the binary faad(1d53978) instrumented with ASAN. There is a SEGV vulnerability in faad, /faad2/frontend/mp4read.c:1039:67 in mp4info. Here is the ASAN mode output:

\=================================================================  
\==58059==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x0000004d332f bp 0x7fff0e2f79b0 sp 0x7fff0e2f7900 T0)  
\==58059==The signal is caused by a READ memory access.  
\==58059==Hint: address points to the zero page.  
#0 0x4d332f in mp4info /faad2/frontend/mp4read.c:1039:67  
#1 0x4d2361 in mp4read\_open /faad2/frontend/mp4read.c:1085:9  
#2 0x4cc166 in decodeMP4file /faad2/frontend/main.c:820:9  
#3 0x4cc166 in faad\_main /faad2/frontend/main.c:1318:18  
#4 0x4cc166 in main /faad2/frontend/main.c:1376:12  
#5 0x7f99902d9c86 in \_\_libc\_start\_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310  
#6 0x41c419 in \_start (/faad2/build/faad+0x41c419)

AddressSanitizer can not provide additional info.  
SUMMARY: AddressSanitizer: SEGV /faad2/frontend/mp4read.c:1039:67 in mp4info  
\==58059==ABORTING

**Crash input**

https://github.com/17ssDP/fuzzer\_crashes/blob/main/faad2/segv

**Command Line**

./faad -o /dev/null @@

**Environment**

Ubuntu 16.04  
Clang 10.0.1  
gcc 5.5

CVE-2023-38858: A SEGV vulnerability found in faad2 · Issue #173 · knik0/faad2

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.

Hi, developers of faad2:  
In the test of the binary faad(1d53978) instrumented with ASAN. There is a heap-buffer-overflow vulnerability in faad, /faad2/frontend/mp4read.c:449:63 in static int stcoin(int size). Here is the ASAN mode output (I omit some repeated messages):

\=================================================================  
\==35951==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000038 at pc 0x0000004d678e bp 0x7ffe52ce3f90 sp 0x7ffe52ce3f88  
READ of size 4 at 0x602000000038 thread T0  
#0 0x4d678d in stcoin /faad2/frontend/mp4read.c:449:63  
#1 0x4d2cc5 in parse /faad2/frontend/mp4read.c:848:19  
#2 0x4d2dda in parse /faad2/frontend/mp4read.c:873:24  
#3 0x4d2dda in parse /faad2/frontend/mp4read.c:873:24  
#4 0x4d2dda in parse /faad2/frontend/mp4read.c:873:24  
#5 0x4d2dda in parse /faad2/frontend/mp4read.c:873:24  
#6 0x4d3bb8 in moovin /faad2/frontend/mp4read.c:940:15  
#7 0x4d2cc5 in parse /faad2/frontend/mp4read.c:848:19  
#8 0x4d2312 in mp4read\_open /faad2/frontend/mp4read.c:1071:16  
#9 0x4cc166 in decodeMP4file /faad2/frontend/main.c:820:9  
#10 0x4cc166 in faad\_main /faad2/frontend/main.c:1318:18  
#11 0x4cc166 in main /faad2/frontend/main.c:1376:12  
#12 0x7f49af044c86 in \_\_libc\_start\_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310  
#13 0x41c419 in \_start (/faad2/build/faad+0x41c419)

0x602000000038 is located 0 bytes to the right of 8-byte region \[0x602000000030,0x602000000038)  
allocated by thread T0 here:  
#0 0x4960ed in malloc (/faad2/build/faad+0x4960ed)  
#1 0x4d5817 in stscin /faad2/frontend/mp4read.c:353:27  
#2 0x4d2cc5 in parse /faad2/frontend/mp4read.c:848:19  
#3 0x4d2dda in parse /faad2/frontend/mp4read.c:873:24  
#4 0x4d2dda in parse /faad2/frontend/mp4read.c:873:24  
#5 0x4d2dda in parse /faad2/frontend/mp4read.c:873:24  
#6 0x4d2dda in parse /faad2/frontend/mp4read.c:873:24  
#7 0x4d3bb8 in moovin /faad2/frontend/mp4read.c:940:15  
#8 0x4d2cc5 in parse /faad2/frontend/mp4read.c:848:19  
#9 0x4d2312 in mp4read\_open /faad2/frontend/mp4read.c:1071:16  
#10 0x4cc166 in decodeMP4file /faad2/frontend/main.c:820:9  
#11 0x4cc166 in faad\_main /faad2/frontend/main.c:1318:18  
#12 0x4cc166 in main /faad2/frontend/main.c:1376:12  
#13 0x7f49af044c86 in \_\_libc\_start\_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow /faad2/frontend/mp4read.c:449:63 in stcoin  
Shadow bytes around the buggy address:  
0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
\=>0x0c047fff8000: fa fa 00 02 fa fa 00\[fa\]fa fa 00 00 fa fa fa fa  
0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
Shadow byte legend (one shadow byte represents 8 application bytes):  
Addressable: 00  
Partially addressable: 01 02 03 04 05 06 07  
Heap left redzone: fa  
Freed heap region: fd  
Stack left redzone: f1  
Stack mid redzone: f2  
Stack right redzone: f3  
Stack after return: f5  
Stack use after scope: f8  
Global redzone: f9  
Global init order: f6  
Poisoned by user: f7  
Container overflow: fc  
Array cookie: ac  
Intra object redzone: bb  
ASan internal: fe  
Left alloca redzone: ca  
Right alloca redzone: cb  
Shadow gap: cc  
\==35951==ABORTING

**Crash input**

https://github.com/17ssDP/fuzzer\_crashes/blob/main/faad2/hbo-1

**Command Line**

./faad -o /dev/null @@

**Environment**

Ubuntu 16.04  
Clang 10.0.1  
gcc 5.5

CVE-2023-38857: A heap-buffer-overflow vulnerability found in mp4read.c:449:63 · Issue #171 · knik0/faad2

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.

Hi, developers of libxls:  
In the test of the binary test2_libxls instrumented with ASAN. There are 6 heap-buffer-overflow and 1 SEGV vulnerabilities in  
src/xls.c:1015, src/xls.c:1018, src/xlstool.c:266, src/xlstool.c:411, src/xlstool.c:395, and src/xlstool.c:296. Here is the ASAN mode output (I omit some unnecessary messages):

**Vulnerability 1, src/xls.c:1015**

\=================================================================  
\==54038==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000001070 at pc 0x0000004cf305 bp 0x7fff55151350 sp 0x7fff55151348  
READ of size 2 at 0x602000001070 thread T0  
#0 0x4cf304 in xls\_parseWorkBook /libxls/src/xls.c:1015:37  
#1 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14  
#2 0x4c5b4d in main /libxls/test/test2.c:60:9  
#3 0x7f7fd826bc86 in \_\_libc\_start\_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310  
#4 0x41c109 in \_start (/libxls/test2\_libxls+0x41c109)

0x602000001071 is located 0 bytes to the right of 1-byte region \[0x602000001070,0x602000001071)  
allocated by thread T0 here:  
#0 0x4960f9 in realloc (/libxls/test2\_libxls+0x4960f9)  
#1 0x4cb76a in xls\_parseWorkBook /libxls/src/xls.c:860:24  
#2 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14

SUMMARY: AddressSanitizer: heap-buffer-overflow /libxls/src/xls.c:1015:37 in xls\_parseWorkBook  
Shadow bytes around the buggy address:  
0x0c047fff81b0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fa  
0x0c047fff81c0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fd  
0x0c047fff81d0: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fd  
0x0c047fff81e0: fa fa fd fd fa fa fd fd fa fa fd fd fa fa fd fd  
0x0c047fff81f0: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fd  
\=>0x0c047fff8200: fa fa fd fd fa fa fd fd fa fa fd fa fa fa\[01\]fa  
0x0c047fff8210: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c047fff8220: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c047fff8230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c047fff8240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
0x0c047fff8250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa  
Shadow byte legend (one shadow byte represents 8 application bytes):  
Addressable: 00  
Partially addressable: 01 02 03 04 05 06 07  
Heap left redzone: fa  
Freed heap region: fd  
Stack left redzone: f1  
Stack mid redzone: f2  
Stack right redzone: f3  
Stack after return: f5  
Stack use after scope: f8  
Global redzone: f9  
Global init order: f6  
Poisoned by user: f7  
Container overflow: fc  
Array cookie: ac  
Intra object redzone: bb  
ASan internal: fe  
Left alloca redzone: ca  
Right alloca redzone: cb  
Shadow gap: cc  
\==54038==ABORTING

**Vulnerability 2, src/xls.c:1018**

\=================================================================  
\==24506==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000533 at pc 0x0000004ceb06 bp 0x7fffbc197e90 sp 0x7fffbc197e88  
READ of size 1 at 0x602000000533 thread T0  
#0 0x4ceb05 in xls\_parseWorkBook /libxls/src/xls.c:1018:38  
#1 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14  
#2 0x4c5b4d in main /libxls/test/test2.c:60:9  
#3 0x7ffb26d5bc86 in \_\_libc\_start\_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310  
#4 0x41c109 in \_start (/libxls/test2\_libxls+0x41c109)

0x602000000533 is located 0 bytes to the right of 3-byte region \[0x602000000530,0x602000000533)  
allocated by thread T0 here:  
#0 0x4960f9 in realloc (/libxls/test2\_libxls+0x4960f9)  
#1 0x4cb76a in xls\_parseWorkBook /libxls/src/xls.c:860:24  
#2 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14

SUMMARY: AddressSanitizer: heap-buffer-overflow /libxls/src/xls.c:1018:38 in xls\_parseWorkBook

**Vulnerability 3, src/xlstool.c:266**

\=================================================================  
\==22361==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000954 at pc 0x0000004c6ec4 bp 0x7ffd36438770 sp 0x7ffd36438768  
READ of size 1 at 0x603000000954 thread T0  
#0 0x4c6ec3 in unicode\_decode\_wcstombs /libxls/src/xlstool.c:266:38  
#1 0x4cc9a1 in xls\_parseWorkBook /libxls/src/xls.c:1020:16  
#2 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14  
#3 0x4c5b4d in main /libxls/test/test2.c:60:9  
#4 0x7f0ca9da0c86 in \_\_libc\_start\_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310  
#5 0x41c109 in \_start (/libxls/test2\_libxls+0x41c109)

0x603000000954 is located 0 bytes to the right of 20-byte region \[0x603000000940,0x603000000954)  
allocated by thread T0 here:  
#0 0x4960f9 in realloc (/libxls/test2\_libxls+0x4960f9)  
#1 0x4cb76a in xls\_parseWorkBook /libxls/src/xls.c:860:24  
#2 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14

SUMMARY: AddressSanitizer: heap-buffer-overflow /libxls/src/xlstool.c:266:38 in unicode\_decode\_wcstombs

**Vulnerability 4, src/xlstool.c:411**

\=================================================================  
\==27366==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000514 at pc 0x0000004c7363 bp 0x7ffc82ab3a00 sp 0x7ffc82ab39f8  
READ of size 1 at 0x602000000514 thread T0  
#0 0x4c7362 in get\_string /libxls/src/xlstool.c:411:8  
#1 0x4cc9a1 in xls\_parseWorkBook /libxls/src/xls.c:1020:16  
#2 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14  
#3 0x4c5b4d in main /libxls/test/test2.c:60:9  
#4 0x7fd80a51ac86 in \_\_libc\_start\_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310  
#5 0x41c109 in \_start (/libxls/test2\_libxls+0x41c109)

0x602000000514 is located 0 bytes to the right of 4-byte region \[0x602000000510,0x602000000514)  
allocated by thread T0 here:  
#0 0x4960f9 in realloc (/libxls/test2\_libxls+0x4960f9)  
#1 0x4cb76a in xls\_parseWorkBook /libxls/src/xls.c:860:24  
#2 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14

SUMMARY: AddressSanitizer: heap-buffer-overflow /libxls/src/xlstool.c:411:8 in get\_string

**Vulnerability 5, src/xlstool.c:296**

\=================================================================  
\==19616==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x616000000888 at pc 0x0000004c6a11 bp 0x7fff62de6cc0 sp 0x7fff62de6cb8  
READ of size 4 at 0x616000000888 thread T0  
#0 0x4c6a10 in transcode\_latin1\_to\_utf8 /libxls/src/xlstool.c:296:12  
#1 0x4c6a10 in codepage\_decode /src/xlstool.c:321:16  
#2 0x4cc9a1 in xls\_parseWorkBook /libxls/src/xls.c:1020:16  
#3 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14  
#4 0x4c5b4d in main /libxls/test/test2.c:60:9  
#5 0x7f8d9df3ac86 in \_\_libc\_start\_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310  
#6 0x41c109 in \_start (/libxls/test2\_libxls+0x41c109)

0x616000000888 is located 0 bytes to the right of 520-byte region \[0x616000000680,0x616000000888)  
allocated by thread T0 here:  
#0 0x4960f9 in realloc (/libxls/test2\_libxls+0x4960f9)  
#1 0x4cb76a in xls\_parseWorkBook /libxls/src/xls.c:860:24  
#2 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14

SUMMARY: AddressSanitizer: heap-buffer-overflow /libxls/src/xlstool.c:296:12 in transcode\_latin1\_to\_utf8

**Vulnerability 6, src/xlstool.c:395**

\=================================================================  
\==43284==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000005d2 at pc 0x0000004c7329 bp 0x7fffc6505260 sp 0x7fffc6505258  
READ of size 1 at 0x6020000005d2 thread T0  
#0 0x4c7328 in get\_string /libxls/src/xlstool.c:395:13  
#1 0x4cc9a1 in xls\_parseWorkBook /libxls/src/xls.c:1020:16  
#2 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14  
#3 0x4c5b4d in main /libxls/test/test2.c:60:9  
#4 0x7fa1da3bcc86 in \_\_libc\_start\_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310  
#5 0x41c109 in \_start (/libxls/test2\_libxls+0x41c109)

0x6020000005d2 is located 0 bytes to the right of 2-byte region \[0x6020000005d0,0x6020000005d2)  
allocated by thread T0 here:  
#0 0x4960f9 in realloc (/libxls/test2\_libxls+0x4960f9)  
#1 0x4cb76a in xls\_parseWorkBook /libxls/src/xls.c:860:24  
#2 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14

SUMMARY: AddressSanitizer: heap-buffer-overflow /libxls/src/xlstool.c:395:13 in get\_string

**Vulnerability 7**

\=================================================================  
\==38465==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004cc923 bp 0x7ffee6e50330 sp 0x7ffee6e501a0 T0)  
\==38465==The signal is caused by a READ memory access.  
\==38465==Hint: address points to the zero page.  
#0 0x4cc923 in xls\_parseWorkBook /libxls/src/xls.c:1015:41  
#1 0x4d7ee5 in xls\_open\_ole /libxls/src/xls.c:1480:14  
#2 0x4c5b4d in main /libxls/test/test2.c:60:9  
#3 0x7f032a36dc86 in \_\_libc\_start\_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310  
#4 0x41c109 in \_start (/libxls/test2\_libxls+0x41c109)

AddressSanitizer can not provide additional info.  
SUMMARY: AddressSanitizer: SEGV /libxls/src/xls.c:1015:41 in xls\_parseWorkBook  
\==38465==ABORTING

**Crash input**

https://github.com/17ssDP/fuzzer\_crashes/tree/main/libxls

**Code Location**

xls.c:1010-1025

    case XLS_RECORD_STYLE:
    			if(xls_debug) {
    				struct { unsigned short idx; unsigned char ident; unsigned char lvl; } *styl;
    				styl = (void *)buf;
    
    				printf("    idx: 0x%x\n", styl->idx & 0x07FF); <----------
    				if(styl->idx & 0x8000) {
    					printf("  ident: 0x%x\n", styl->ident);
    					printf("  level: 0x%x\n", styl->lvl); <---------
    				} else {
    					char *s = get_string((char *)&buf[2], bof1.size - 2, 1, pWB);
    					printf("  name=%s\n", s);
                        free(s);
    				}
    			}
    			break;
    

xlstool.c:264-267

    for(i=0; i<len/2; i++)
        {
            w[i] = (BYTE)s[2*i] + ((BYTE)s[2*i+1] << 8); <----------
        }
    
    

xlstool.c:406-413

    if(!pWB->is5ver) {
    		// unicode strings have a format byte before the string
            if (ofs + 1 > len) {
                return NULL;
            }
    		flag=*(BYTE*)(str+ofs); <-----------
    		ofs++;
    	}
    

xlstool.c:392-296

    if (ofs + 2 > len) {
                return NULL;
            }
            ln= ((BYTE*)str)[0] + (((BYTE*)str)[1] << 8); <------------
            ofs+=2;
    
    

xlstool.c:295-299

    for(i=0; i<len; ++i) {
            if(str[i] & (BYTE)0x80) { <-------------
                ++utf8_chars;
            }
        }
    
    

**Environment**

Ubuntu 16.04  
Clang 10.0.1  
gcc 5.5

CVE-2023-38852: There are multiple heap-buffer-overflow vulnerability found in libxls · Issue #124 · libxls/libxls

SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields.

**1\. SQL Injection Vulnerability**

_Vulnerability Description:_ The code directly inserts user input into an SQL query, which can lead to SQL injection attacks. Malicious users can manipulate, delete, or disclose data from the database by injecting malicious SQL code through input fields.

_Code Location:_

$query = 'SELECT \* FROM voters WHERE username = "'. $username .'"';
$record = mysqli\_query($cxn,$query);

_Vulnerability Impact:_ Exploiting this vulnerability can result in unauthorized access to sensitive data, data manipulation, or even a complete compromise of the database.

_Recommendation:_ To mitigate the SQL injection vulnerability, it is recommended to use prepared statements or parameterized queries. Prepared statements separate user input from the SQL query, preventing malicious input from being interpreted as SQL code. The fixed code is as follows:

$stmt = $cxn\->prepare("SELECT \* FROM voters WHERE username = ?");
$stmt\->bind\_param("s", $username);
$stmt\->execute();
$record = $stmt\->get\_result();
$getfield = $record\->fetch\_assoc();

**Summary:** Fixing this vulnerability by implementing prepared statements significantly enhances the security of the code. Prepared statements prevent SQL injection attacks by separating user input from the SQL query.

Please note that this report is provided for informational purposes and should be shared with the responsible person of the GitHub project for further action.

Tag

#git