Infinite Loop Vulnerability in Apache NimBLE Affects Bluetooth Stack or Device
CVE-2024-24746

Currently unrated

Key Information:

Vendor
Apache
Status
Apache Nimble
Vendor
CVE Published:
6 April 2024

Summary

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. 

Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.

This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Affected Version(s)

Apache NimBLE 0 <= 1.6.0

References

https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kc...
vendor-advisory
https://github.com/apache/mynewt-nimble/commit/d42a0ebe66...
patch

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Baptiste Boyer from Quarkslab Vulnerability Reports team
.