Ekleezg

**Name of the Vulnerable Software and Affected Versions** NetXDuo versions prior to 6.4.4 **Description** An issue exists in the DHCPV6 client within the networking support module for Eclipse Foundation ThreadX. Specifically, an unchecked index during the extraction of the server DUID from server replies can lead to an out-of-memory read condition. An attacker could potentially exploit this with a crafted packet. **Recommendations** Update to version 6.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** NextX Duo versions prior to 6.4.4 **Description** The HTTP client module in NextX Duo does not properly validate the boundaries when parsing HTTP header fields. This missing bounds verification could lead to undefined behavior if a server sends a specially crafted response. The issue resides within the network support code for Eclipse Foundation ThreadX. **Recommendations** Update NextX Duo to version 6.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** NextX Duo snmp addon versions prior to 6.4.4 **Description** An attacker could trigger an out-of-bound read condition by submitting a specially crafted SNMPv3 security parameters. The vulnerable component is part of the Eclipse Foundation ThreadX. **Recommendations** Update to version 6.4.4 or later.

Name of the Vulnerable Software and Affected Versions: Zephyr (affected versions not specified) Description: The issue is related to improper validation of the length of user input in the `olcp ind handler` function in `zephyr/subsys/bluetooth/services/ots/ots client.c`. This lack of validation can lead to potential issues. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RIOT versions 2024.04 and prior **Description** The issue is related to the ` parse advertise` function, located in `/sys/net/application layer/dhcpv6/client.c`, which lacks a minimum header length check for `dhcpv6 opt t` after processing `dhcpv6 msg t`. This could lead to an out-of-bound read, causing system inconsistency. The same issue is present in the ` preparse advertise` function, which is called by ` parse advertise` before handling the request. **Recommendations** For versions 2024.04 and prior, as a temporary workaround, consider disabling the ` parse advertise` function until a patch is available. Restrict access to the `/sys/net/application layer/dhcpv6/client.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bluetooth Audio Subsystem (affected versions not specified) **Description** The issue is related to an unchecked tailroom in the `ascs cp rsp add` function located in `/subsys/bluetooth/audio/ascs.c`, which could lead to a global buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr (affected versions not specified) **Description** The issue occurs in the `utf8 trunc` function found in `zephyr/lib/utils/utf8.c`, where `last byte p` might point to the byte just before the string pointer if the string is empty. This is a buffer underflow vulnerability in Zephyr's UTF-8 utility function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr (affected versions not specified) **Description** The issue is related to a lack of proper validation of the length of user input in the olcp ind handler function in zephyr/subsys/bluetooth/services/ots/ots client.c. This can lead to a buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Bluetooth (affected versions not specified) Description: The Bluetooth HCI has an issue with improper discarding in `adv ext report`. This issue affects the Bluetooth protocol. There is no information available about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux Kernel's RFCOMM Module (affected versions not specified) Description: The issue is related to a buffer overflow vulnerability due to missing length checks of `net buf` in the `rfcomm handle data` function. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BT: Classic (affected versions not specified) Description: The issue concerns an SDP OOB access vulnerability in the get att search list function of BT Classic. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: bap broadcast assistant (affected versions not specified) Description: The issue concerns unchecked user input in the bap broadcast assistant, which poses a risk. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.