QwikSec

Security Database

CVE

CWE

Training

CVE-2024-47249

Published: Nov 26, 2024

Modified: Dec 6, 2024

PUBLISHED

Description

Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Vendor	Product	Versions
Apache Software Foundation	Apache NimBLE	affected `0 - <= 1.7.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq

vendor-advisory

https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.