CVE-2024-47249
Last modified
CVE-2024-47249 is a medium-severity vulnerability rated 5/10 on the CVSS scale. Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.. EPSS estimates a 0.60% chance of exploitation in the next 30 days.
Description
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Metrics
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Nimble | < 1.8.0 |
References
- https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mqMailing List, Vendor Advisory
- http://www.openwall.com/lists/oss-security/2024/11/26/3Mailing List, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-47249?
How severe is CVE-2024-47249?
How do I fix CVE-2024-47249?
Are you affected by CVE-2024-47249?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST