oss-sec mailing list archives

CVE-2024-47249: Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler


From: Szymon Janc <janc () apache org>
Date: Tue, 26 Nov 2024 08:17:07 +0000

Severity: low

Affected versions:

- Apache NimBLE through 1.7.0

Description:

Improper Validation of Array Index vulnerability in Apache NimBLE.

Lack of input validation for HCI events from the controller could result in out-of-bounds memory corruption and a crash.
This issue requires a broken or bogus Bluetooth controller, and thus its severity is considered low.
This issue affects Apache NimBLE through 1.7.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Credit:

Eunkyu Lee (reporter)

References:

https://mynewt.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-47249
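
The class of check the description refers to, shown as an added example (not NimBLE's code and not the 1.8.0 fix): a host-side parser for the HCI LE Advertising Report subevent that validates every controller-supplied count and length against the bytes actually received before any report is delivered. The field layout follows the Bluetooth Core Specification; the function names, callback type and sample events are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define ADV_DATA_MAX  31u   /* legacy advertising data limit */
#define ADV_RPT_FIXED 10u   /* evt_type, addr_type, addr[6], data_len, rssi */
#define ADV_RPTS_MAX  0x19u /* Num_Reports range is 0x01..0x19 */

/* Hypothetical consumer interface: one validated report per call. */
typedef void (*adv_rpt_cb)(const uint8_t *addr, const uint8_t *data,
                           uint8_t data_len, int8_t rssi);

/* Walk the reports, checking every length against the bytes left.
 * With cb == NULL nothing is delivered, the event is only validated. */
static int walk_reports(const uint8_t *buf, size_t len, adv_rpt_cb cb)
{
    size_t off = 1;
    for (uint8_t i = 0; i < buf[0]; i++) {
        if (len - off < ADV_RPT_FIXED)
            return -1;                        /* truncated fixed part */
        uint8_t dlen = buf[off + 8];
        if (dlen > ADV_DATA_MAX || len - off - ADV_RPT_FIXED < dlen)
            return -1;                        /* data_len exceeds spec or buffer */
        if (cb)
            cb(&buf[off + 2], &buf[off + 9], dlen, (int8_t)buf[off + 9 + dlen]);
        off += ADV_RPT_FIXED + dlen;
    }
    return off == len ? (int)buf[0] : -1;     /* reject trailing bytes */
}

/* buf points at Num_Reports (the byte after the subevent code).
 * Returns the number of reports delivered, or -1 with nothing delivered. */
int parse_le_adv_report(const uint8_t *buf, size_t len, adv_rpt_cb cb)
{
    if (buf == NULL || len < 1 || buf[0] < 1 || buf[0] > ADV_RPTS_MAX)
        return -1;
    if (walk_reports(buf, len, NULL) < 0)     /* pass 1: validate everything */
        return -1;
    return walk_reports(buf, len, cb);        /* pass 2: deliver */
}

/* Constructed sample events: bad_evt claims 31 data bytes but carries 3. */
static int seen_count; static uint8_t seen_len; static int8_t seen_rssi;
static void record(const uint8_t *a, const uint8_t *d, uint8_t n, int8_t r)
{ (void)a; (void)d; seen_count++; seen_len = n; seen_rssi = r; }
static const uint8_t good_evt[] = { 0x01, 0x00, 0x00, 1,2,3,4,5,6, 0x03, 0x02,0x01,0x06, 0xC4 };
static const uint8_t bad_evt[]  = { 0x01, 0x00, 0x00, 1,2,3,4,5,6, 0x1F, 0x02,0x01,0x06, 0xC4 };

int main(void) { return parse_le_adv_report(good_evt, sizeof good_evt, record) == 1 &&
                        parse_le_adv_report(bad_evt, sizeof bad_evt, record) == -1 ? 0 : 1; }
```

Validating the whole event before the first callback means a malformed event is dropped as a unit instead of being partially processed.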

