CVE-2024-47249
MEDIUM
Apache NimBLE <1.8.0 - Memory Corruption
Title source: llm
Description
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from the controller could result in out-of-bounds memory corruption and a crash. This issue requires a broken or bogus Bluetooth controller, and thus its severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Scores
CVSS v3
5.0
EPSS
0.0002
EPSS Percentile
5.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Classification
CWE
CWE-129
Status
published
Affected Products (1)
apache/nimble
< 1.8.0
Timeline
Published
Nov 26, 2024
Tracked Since
Feb 18, 2026