CVE-2024-47250
Last modified
CVE-2024-47250 is a medium-severity vulnerability rated 5/10 on the CVSS scale. Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.. EPSS estimates a 0.66% chance of exploitation in the next 30 days.
Description
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Metrics
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Nimble | < 1.8.0 |
References
- https://lists.apache.org/thread/zdb50spojlqbn0yxd866mbzqjt2vpt85Mailing List, Vendor Advisory
- http://www.openwall.com/lists/oss-security/2024/11/26/4Mailing List, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-47250?
How severe is CVE-2024-47250?
How do I fix CVE-2024-47250?
Are you affected by CVE-2024-47250?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST