CVE-2024-47250

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47250
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

5.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/apache/mynewt-nimble/commit/23d61150ddae4bc8356356d7ef09d816fb89da45
https://github.com/apache/mynewt-nimble/commit/3b7a32ea09a3bffaab831ee0ab193a2375fc4df6
https://lists.apache.org/thread/zdb50spojlqbn0yxd866mbzqjt2vpt85
http://www.openwall.com/lists/oss-security/2024/11/26/4
Configurations

No configuration.

History

06 Dec 2024, 11:15

Type Values Removed Values Added
References
  • () https://github.com/apache/mynewt-nimble/commit/23d61150ddae4bc8356356d7ef09d816fb89da45 -
  • () https://github.com/apache/mynewt-nimble/commit/3b7a32ea09a3bffaab831ee0ab193a2375fc4df6 -
Summary
  • (es) Vulnerabilidad de lectura fuera de los límites en Apache NimBLE. La falta de una validación adecuada del informe de publicidad de HCI podría provocar un acceso fuera de los límites al analizar un evento de HCI y, por lo tanto, el envío de eventos de "dispositivo encontrado" de GAP falsos. Este problema requiere un controlador Bluetooth roto o falso y, por lo tanto, la gravedad se considera baja. Este problema afecta a Apache NimBLE: hasta 1.7.0. Se recomienda a los usuarios que actualicen a la versión 1.8.0, que soluciona el problema.

26 Nov 2024, 17:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.0

26 Nov 2024, 14:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/11/26/4 -

26 Nov 2024, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-26 12:15

Updated : 2024-12-06 11:15

NVD link : CVE-2024-47250

Mitre link : CVE-2024-47250

CVE.ORG link : CVE-2024-47250

JSON object : View

Products Affected

No product.

CWE
CWE-125

Out-of-bounds Read