Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <650e8aac-e317-d29a-a7a8-b3db99eeecb1@apache.org>
Date: Mon, 26 May 2025 00:27:23 +0000
From: Tomasz Cedro <cederom@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2025-35003: Apache NuttX RTOS: NuttX Bluetooth Stack HCI and
 UART DoS/RCE Vulnerabilities. 

Severity: important

Affected versions:

- Apache NuttX RTOS 7.25 before 12.9.0

Description:

Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.

NuttX's Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.

This issue affects Apache NuttX: from 7.25 before 12.9.0.

Credit:

Chongqing Lei <leicq@....edu.cn> (reporter)
Zhen Ling <zhenling@....edu.cn> (reporter)
Chongqing Lei <leicq@....edu.cn> (remediation developer)

References:

https://github.com/apache/nuttx/pull/16179
https://nuttx.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-35003

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.