Chongqing Lei

**Name of the Vulnerable Software and Affected Versions** Apache NuttX versions 7.25 through 12.9.0 **Description** Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets. **Recommendations** To resolve the issue, users of the NuttX Bluetooth HCI/UART stack are advised to upgrade to version 12.9.0, which fixes the identified implementation issues. As a temporary workaround, consider disabling the vulnerable Bluetooth HCI/UART stack components until a patch is available. Restrict access to the Bluetooth stack to minimize the risk of exploitation. Avoid using the vulnerable components in the Bluetooth stack until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Eclipse Wakaama versions prior to 2021-01-14 **Description** The issue arises from the CoAP parsing code in Eclipse Wakaama, which fails to properly sanitize network-received data. This has been the case since the inception of Eclipse Wakaama until 2021-01-14. **Recommendations** For Eclipse Wakaama versions prior to 2021-01-14, at the moment, there is no information about a newer version that contains a fix for this vulnerability.