CVE-2024-51569

Name: CVE-2024-51569
Creator: NVD / NIST
Published: 2024-11-26T12:15:21.113+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 1.16%

Last modified Jun 17, 2026

CVE-2024-51569 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.. EPSS estimates a 1.16% chance of exploitation in the next 30 days.

Description

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

1.16%

63.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-125

Affected Software

Vendor	Product	Versions
Apache	Nimble	< 1.8.0

References

https://github.com/apache/mynewt-nimble/commit/4e3ac5b6e7c7df63a594c4ff6839e266b4ccfed9Patch
https://lists.apache.org/thread/q0vs5rddx1lho30xnpsrvpzgxqmywnhsVendor Advisory
http://www.openwall.com/lists/oss-security/2024/11/26/5Mailing List, Vendor Advisory

Timeline

Published: Nov 26, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-51569?

How severe is CVE-2024-51569?

CVE-2024-51569 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.16% probability of exploitation in the next 30 days.

How do I fix CVE-2024-51569?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-51569?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST