Wei Che Kao

**Name of the Vulnerable Software and Affected Versions** Apache NimBLE versions through 1.7.0 **Description** A Buffer Copy without Checking Size of Input, also known as a 'Classic Buffer Overflow', vulnerability in Apache NimBLE could result in memory corruption when a specially crafted MESH message is used and a non-default build configuration is applied. Users are recommended to upgrade to a newer version to fix the issue. **Recommendations** For Apache NimBLE versions through 1.7.0, upgrade to version 1.8.0, which fixes the issue. As a temporary workaround, consider restricting the use of specially crafted MESH messages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** btstack mesh versions before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 **Description** The issue allows a remote attacker to execute arbitrary code via the `pb adv handle tranaction cont` function in the src/mesh/pb adv.c component. This is a Buffer Overflow vulnerability. **Recommendations** For versions before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58, update to version v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 or later to resolve the issue. As a temporary workaround, consider disabling the `pb adv handle tranaction cont` function until a patch is available.