QwikSec

Security Database

CVE

CWE

Training

CVE-2024-24746

Published: Apr 6, 2024

Modified: Feb 13, 2025

PUBLISHED

Description

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Vendor	Product	Versions
Apache Software Foundation	Apache NimBLE	affected `0 - <= 1.6.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078

vendor-advisory

https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594

patch

http://www.openwall.com/lists/oss-security/2024/04/05/2

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.