Apache NimBLE 1.7.0 Out-of-Bound via HCI Event Array Index
CVE-2024-47249 Published on November 26, 2024

Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

What is an out-of-bounds array index Vulnerability?

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CVE-2024-47249 has been classified to as an out-of-bounds array index vulnerability or weakness.


Products Associated with CVE-2024-47249

Want to know whenever a new CVE is published for Apache Nimble? stack.watch will email you.

Apache Nimble
 

Affected Versions

Apache Software Foundation Apache NimBLE:

Exploit Probability

EPSS
0.02%
Percentile
5.31%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.