Xiaobye-Ctf

Name of the Vulnerable Software and Affected Versions: ESF-IDF versions 5.1.6, 5.2.5, 5.3.3, and 5.4.1 Description: An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of the ESP-IDF framework. This issue stems from insufficient validation of user-supplied data length in the packet receive function. Under certain conditions, this may lead to out-of-bounds memory access and may allow arbitrary memory write operations. On systems without a memory protection scheme, this behavior could potentially be used to achieve remote code execution (RCE) on the target device. Recommendations: For ESP-IDF v5.3 and earlier, a workaround can be applied by validating that the `data len` parameter received in the RX callback (registered via `esp now register recv cb()`) is a positive value before further processing. For ESP-IDF v5.4 and later, users are advised to upgrade to a patched version of ESP-IDF to take advantage of the built-in mitigation.

Name of the Vulnerable Software and Affected Versions: BT:Classic (affected versions not specified) Description: The issue concerns multiple missing buffer length checks. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bluetooth (affected versions not specified) **Description** The issue arises from a missing check in the LL CONNECTION UPDATE IND packet, which leads to a division by zero error. This error occurs due to the lack of proper validation in the packet handling mechanism. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bluetooth Low Energy (BLE) devices (affected versions not specified) **Description** A malicious BLE device can send a specific order of packet sequence to cause a Denial of Service (DoS) attack on the victim BLE device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr RTOS versions prior to 3.6 **Description** The issue allows a malicious BLE device to crash a BLE victim device by sending a malformed gatt packet. This can be exploited for local attacks. Network segmentation can help mitigate the risk until an update is applied. **Recommendations** For Zephyr RTOS versions prior to 3.6, patch or upgrade immediately to prevent local attacks. Ensure network segmentation to mitigate risk until updated. As a temporary workaround, consider restricting access to BLE devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zephyr OS (affected versions not specified) **Description** The issue allows a malicious BLE device to cause a buffer overflow by sending a malformed advertising packet to a BLE device using Zephyr OS. This can lead to a Denial of Service (DoS) or potentially allow for Remote Code Execution (RCE) on the victim BLE device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.