We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-47248

Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack



Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Reserved 2024-09-23 | Published 2024-11-26 | Updated 2024-12-06 | Assigner apache

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status
unaffected

Any version
affected

Credits

Wei Che Kao (Xiaobye), graduate student from National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab. reporter

References

lists.apache.org/thread/z8m7jqh54xybf9kz8q2l3tz92zsj7tmz vendor-advisory

github.com/...ommit/4f75c0b3b466186beff40e8489870c6cee076aaa patch

cve.org (CVE-2024-47248)

nvd.nist.gov (CVE-2024-47248)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-47248

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.