Google · Car App Android Jetpack Library · CVE-2024-10382
**Name of the Vulnerable Software and Affected Versions**
Car App Android Jetpack Library versions prior to 1.7.0-beta02
**Description**
This is a code execution vulnerability in the Car App Android Jetpack Library. Specifically, `CarAppService` uses deserialization logic that allows arbitrary Java classes to be constructed, which can lead to arbitrary code execution when combined with suitable Java deserialization gadgets. Exploitation requires the attacker to install a malicious application on the victim's device; from there, any application that uses the vulnerable library can be attacked.
**Recommendations**
For versions prior to 1.7.0-beta02, upgrade the library to version 1.7.0-beta02 or later to resolve the issue. If the upgrade cannot be applied immediately, restrict the use of `CarAppService` as a temporary workaround, and avoid shipping the vulnerable library in applications until the fixed version has been adopted.
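As an added example (not part of the advisory or the library), the following check flags `androidx.car.app` artifacts below the 1.7.0-beta02 boundary stated above in Gradle dependency-tree output. The sample tree lines are constructed, and the AndroidX pre-release ordering (alpha < beta < rc < final release) is assumed.

```python
import re
from typing import List, Tuple

FIXED_VERSION = "1.7.0-beta02"  # first version not affected, per the advisory

# Matches "group:artifact:version" and Gradle's "declared -> resolved" conflict notation.
# The group id is the library's published Maven group; artifact names are assumptions.
CAR_APP_DEP = re.compile(
    r"(androidx\.car\.app:[\w-]+):([0-9][\w.\-]*)(?:\s+->\s+([0-9][\w.\-]*))?"
)

_STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2}

def parse_version(v: str) -> Tuple[Tuple[int, ...], int, int]:
    """Order AndroidX versions: 1.7.0-alpha01 < 1.7.0-beta02 < 1.7.0-rc01 < 1.7.0."""
    base, _, qualifier = v.partition("-")
    nums = tuple(int(x) for x in base.split("."))
    if not qualifier:
        return nums, 3, 0  # a final release sorts after every pre-release of it
    m = re.fullmatch(r"([a-z]+)(\d*)", qualifier.lower())
    if not m or m.group(1) not in _STAGE_RANK:
        raise ValueError(f"unrecognised version qualifier: {v}")
    return nums, _STAGE_RANK[m.group(1)], int(m.group(2) or 0)

def is_affected(version: str) -> bool:
    """True when the version is strictly below the fixed version."""
    return parse_version(version) < parse_version(FIXED_VERSION)

def find_affected(dependency_tree: str) -> List[Tuple[str, str]]:
    """Return (artifact, resolved version) pairs that fall in the affected range."""
    hits = {}
    for line in dependency_tree.splitlines():
        m = CAR_APP_DEP.search(line)
        if not m:
            continue
        artifact, declared, resolved = m.groups()
        version = resolved or declared  # the resolved version is what actually ships
        if is_affected(version):
            hits[artifact] = version
    return sorted(hits.items())

# Constructed sample of `./gradlew :app:dependencies` output (not real project output)
SAMPLE_TREE = """\
releaseRuntimeClasspath - Runtime classpath of compilation 'release'.
+--- androidx.car.app:app:1.6.0 -> 1.7.0-beta01
+--- androidx.car.app:app-projected:1.7.0-beta01 (*)
+--- androidx.car.app:app-automotive:1.7.0-beta02
\\--- androidx.appcompat:appcompat:1.7.0
"""

if __name__ == "__main__":
    for artifact, version in find_affected(SAMPLE_TREE):
        print(f"AFFECTED by CVE-2024-10382: {artifact}:{version} (fix: {FIXED_VERSION} or later)")
```

Run it against the real output of `./gradlew :app:dependencies` to confirm that the resolved version, not just the declared one, is at or above 1.7.0-beta02.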