CVE-2024-6444 | zephyrproject-rtos Zephyr up to 3.6 ots_client.c olcp_ind_handler heap-based overflow

Posted by Angelo Barbosa | Oct 4, 2024 | CVE

A vulnerability has been found in zephyrproject-rtos Zephyr up to 3.6 and classified as critical. Affected by this vulnerability is the function olcp_ind_handler of the file zephyr/subsys/bluetooth/services/ots/ots_client.c. The manipulation leads to heap-based buffer overflow.

This vulnerability is known as CVE-2024-6444. The attack can only be initiated within the local network. There is no exploit available.

CVE-2024-6444 | zephyrproject-rtos Zephyr up to 3.6 ots_client.c olcp_ind_handler heap-based overflow

Related Posts

CVE-2024-5411 | ORing IAP-420 up to 2.01e Web Interface command injection

CVE-2024-39331 | GNU Emacs up to 29.3 lisp/ol.el org-link-expand-abbrev os command injection

CVE-2024-2244 | Hitachi Energy Asset Suite EAM prior 9.6.3.13/9.6.4.1 REST Service improper authentication

CVE-2024-34204 | Totolink CP450 4.1.0cu.747_B20191224 setUpgradeFW FileName command injection