CVE-2024-47250

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47250
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47250.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47250
Published
2024-11-26T12:15:19Z
Modified
2025-01-08T16:16:57.385368Z
Summary
[none]
Details

Out-of-bounds Read vulnerability in Apache NimBLE.

Missing validation of the HCI advertising report could lead to out-of-bounds access when parsing the HCI event, and thus to bogus GAP 'device found' events being sent. This issue requires a broken or bogus Bluetooth controller, and thus its severity is considered low. This issue affects Apache NimBLE: through 1.7.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

References

Affected packages

Git / github.com/apache/mynewt-nimble

Affected ranges

Type
GIT
Repo
https://github.com/apache/mynewt-nimble
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

nimble_1_5_0_rc1_tag
nimble_1_5_0_tag
nimble_1_6_0_rc1_tag
nimble_1_6_0_tag
nimble_1_7_0_rc1_tag
nimble_1_7_0_tag