CVE-2024-47249

EPSS 0.1%
Veröffentlicht 26.11.2024 12:15:19
Zuletzt bearbeitet 08.07.2025 14:17:12
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Improper Validation of Array Index vulnerability in Apache NimBLE.

Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Nimble Version < 1.8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.274

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5	1.6	3.4	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1

Patch

https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2024/11/26/3

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-47249

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47249

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47249

EUVD