Classic Buffer Overflow Vulnerability in Apache NimBLE
CVE-2024-47248

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Nimble
Vendor: CVE Published:; 26 November 2024

Summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.

Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Affected Version(s)

Apache NimBLE 0 <= 1.7.0

References

https://lists.apache.org/thread/z8m7jqh54xybf9kz8q2l3tz92...

vendor-advisory

https://github.com/apache/mynewt-nimble/commit/4f75c0b3b4...

patch

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
Sep 23, 2024

Credit

Wei Che Kao (Xiaobye), graduate student from National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab.