Alon Livne

**Name of the Vulnerable Software and Affected Versions** CIRCL (affected versions not specified) **Description** A flaw exists in CIRCL’s implementation of the FourQ elliptic curve. This issue allows an attacker to compromise session security through low-order point injection and incorrect point validation during Diffie-Hellman key exchange. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (BlueZ) versions 2.6.32 through 4.13.1 **Description** The issue is related to a stack overflow vulnerability in the processing of L2CAP configuration responses, which can result in remote code execution in kernel space. This vulnerability is associated with a buffer overflow in the L2CAP module of the BlueZ package, implementing the Bluetooth protocol stack. Exploitation of this vulnerability allows a remote attacker to control the buffer size and execute arbitrary code. **Recommendations** For Linux Kernel (BlueZ) versions 2.6.32 through 4.13.1, update to a version later than 4.13.1 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.