CVE-2024-47248

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47248
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa
https://lists.apache.org/thread/z8m7jqh54xybf9kz8q2l3tz92zsj7tmz
http://www.openwall.com/lists/oss-security/2024/11/26/2
Configurations

No configuration.

History

06 Dec 2024, 11:15

Type Values Removed Values Added
References
  • () https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa -

26 Nov 2024, 17:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/11/26/2 -
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.3
Summary
  • (es) Vulnerabilidad de copia de búfer sin comprobar el tamaño de la entrada ('desbordamiento de búfer clásico') en Apache NimBLE. Un mensaje MESH especialmente manipulado podría provocar una corrupción de la memoria cuando se utiliza una configuración de compilación no predeterminada. Este problema afecta a Apache NimBLE: hasta la versión 1.7.0. Se recomienda a los usuarios que actualicen a la versión 1.8.0, que soluciona el problema.

26 Nov 2024, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-26 12:15

Updated : 2024-12-06 11:15

NVD link : CVE-2024-47248

Mitre link : CVE-2024-47248

CVE.ORG link : CVE-2024-47248

JSON object : View

Products Affected

No product.

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')