CVE-2024-47249

Name
CVE-2024-47249
Description
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from the controller could result in out-of-bounds memory corruption and a crash. This issue requires a broken or bogus Bluetooth controller, and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.
NVD Severity
unknown

References

Type URI
vendor-advisory https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq
security@apache.org https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2024/11/26/3

Match rules

CPE URI Source package Min version Max version
apache-nimble >= 0 <= 1.7.0
cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:* nimble >= None < 1.8.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
nimble edge-community 0.14.2-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
nimble 3.22-community 0.14.2-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable