CVE-2024-47248

MEDIUM

Apache NimBLE <1.7.0 - Buffer Overflow

Title source: llm

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

References (3)

[Patch] https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa

View Patch ZIP pw:eip

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/z8m7jqh54xybf9kz8q2l3tz92zsj7tmz

[Mailing List, Vendor Advisory] http://www.openwall.com/lists/oss-security/2024/11/26/2

Scores

CVSS v3 6.3

EPSS 0.0004

EPSS Percentile 10.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-120

Status published

Affected Products (1)

apache/nimble < 1.8.0

Timeline

Published Nov 26, 2024

Tracked Since Feb 18, 2026