CVE-2024-47249

{"id": "CVE-2024-47249", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.6}]}, "published": "2024-11-26T12:15:19.123", "references": [{"url": "https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1", "tags": ["Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq", "tags": ["Vendor Advisory", "Mailing List"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/11/26/3", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-129"}]}], "descriptions": [{"lang": "en", "value": "Improper Validation of Array Index vulnerability in Apache NimBLE.\n\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de validaci\u00f3n incorrecta del \u00edndice de matriz en Apache NimBLE. La falta de validaci\u00f3n de entrada para eventos HCI del controlador podr\u00eda provocar una corrupci\u00f3n de la memoria fuera de los l\u00edmites y un bloqueo. Este problema requiere un controlador Bluetooth da\u00f1ado o falso y, por lo tanto, se considera de baja gravedad. Este problema afecta a Apache NimBLE: hasta la versi\u00f3n 1.7.0. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.8.0, que soluciona el problema."}], "lastModified": "2025-07-08T14:17:12.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71BB8957-7DC2-4E02-B560-1526E9758F46", "versionEndExcluding": "1.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}