Sploitem

**Name of the Vulnerable Software and Affected Versions** is mount point (affected versions not specified) **Description** The issue concerns a possible buffer overflow in the is mount point function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** esp32 ipm send (affected versions not specified) **Description** The issue involves a signed to unsigned conversion in the `esp32 ipm send` function. This could potentially lead to unexpected behavior or errors. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** The issue is related to an unchecked length coming from user input in the settings shell. This could potentially lead to exploitation. No specific details about affected devices or real-world incidents are provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Contiki-NG versions prior to the next release **Description** An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. The prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a `memcmp` function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read. **Recommendations** Update to the next release of Contiki-NG as soon as it is available. Alternatively, manually apply the changes in Contiki-NG pull request #2721 to patch the issue.

**Name of the Vulnerable Software and Affected Versions** Contiki-NG versions prior to 4.9 **Description** The issue is caused by insufficient control of the lengths for DIO and DAO messages, particularly when they contain RPL sub-option headers, allowing an attacker to trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. **Recommendations** For versions prior to 4.9, upgrade to Contiki-NG 4.9 to resolve the issue. For users unable to upgrade, manually apply the code changes in PR #2484 as a temporary workaround.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue might be related to a possible variant of a problem in the function `le ecred reconf req()`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.