Dqp10515

**Name of the Vulnerable Software and Affected Versions** FreeCoAP (affected versions not specified) **Description** The issue allows remote attackers to cause a Denial of Service through specially crafted packets. It is related to the server handle regular function in the test coap server.c file within the FreeCoAP project. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeCoAP version 1.0 **Description** The issue allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet. This packet causes `coap msg get payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`. The `coap client exchange blockwise2` function is specifically affected. **Recommendations** For FreeCoAP version 1.0, as a temporary workaround, consider disabling the `coap client exchange blockwise2` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SmartDNS version Release46 **Description** The issue is related to an integer overflow in the fast ping.c file, which allows remote attackers to cause a Denial of Service via misaligned memory access. **Recommendations** For SmartDNS version Release46, consider restricting access to the fast ping.c function until a patch is available. As a temporary workaround, disabling the fast ping.c functionality may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeCoAP version 0.7 **Description** The issue in the coap msg.c file allows remote attackers to cause a Denial of Service or potentially disclose information via a specially crafted packet. **Recommendations** For FreeCoAP version 0.7, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NanoMQ version 0.21.7 **Description** A heap-buffer-overflow issue in the `read byte` function allows attackers to cause a denial of service via transmission of crafted hexstreams. **Recommendations** For NanoMQ version 0.21.7, consider disabling the `read byte` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NanoMQ version 0.21.7 **Description** The issue is related to a Buffer Overflow vulnerability in the `get var integer` function in `mqtt parser.c`. This allows remote attackers to cause a denial of service via a series of specially crafted hexstreams. **Recommendations** For NanoMQ version 0.21.7, consider disabling the `get var integer` function in `mqtt parser.c` as a temporary workaround until a patch is available. Restrict access to the `mqtt parser.c` module to minimize the risk of exploitation. Avoid using the vulnerable function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** NanoMQ version 0.21.7 **Description** The issue is related to a Null Pointer Dereference vulnerability in the `topic filtern` function in `mqtt parser.c`. This vulnerability allows attackers to cause a denial of service. **Recommendations** For NanoMQ version 0.21.7, consider disabling the `topic filtern` function as a temporary workaround until a patch is available. Restrict access to the `mqtt parser.c` module to minimize the risk of exploitation. Avoid using the vulnerable function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** libcoap version 4.3.4 **Description** An issue in `coap pdu.c` allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow. **Recommendations** For libcoap version 4.3.4, consider restricting access to the `coap pdu.c` module to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.