QwikSec

Security Database

CVE

CWE

Training

CVE-2024-47248

Published: Nov 26, 2024

Modified: Dec 6, 2024

PUBLISHED

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Vendor	Product	Versions
Apache Software Foundation	Apache NimBLE	affected `0 - <= 1.7.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/z8m7jqh54xybf9kz8q2l3tz92zsj7tmz

vendor-advisory

https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.