CVE-2024-47249 (GCVE-0-2024-47249)

Vulnerability from cvelistv5 – Published: 2024-11-26 11:16 – Updated: 2024-12-06 10:15
VLAI?
Title
Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler
Summary
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
  • CWE-129 - Improper Validation of Array Index
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache NimBLE Affected: 0 , ≤ 1.7.0 (semver)
Create a notification for this product.
Credits
Eunkyu Lee
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-26T13:09:21.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/11/26/3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-47249",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T16:36:16.976066Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T16:36:38.822Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache NimBLE",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "1.7.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Eunkyu Lee"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Validation of Array Index vulnerability in Apache NimBLE.\u003c/p\u003eLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\u003cbr\u003eThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.7.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Validation of Array Index vulnerability in Apache NimBLE.\n\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-129",
              "description": "CWE-129 Improper Validation of Array Index",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-06T10:15:23.820Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-47249",
    "datePublished": "2024-11-26T11:16:35.626Z",
    "dateReserved": "2024-09-23T08:55:51.217Z",
    "dateUpdated": "2024-12-06T10:15:23.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Validation of Array Index vulnerability in Apache NimBLE.\\n\\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\\nThis issue affects Apache NimBLE: through 1.7.0.\\n\\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de validaci\\u00f3n incorrecta del \\u00edndice de matriz en Apache NimBLE. La falta de validaci\\u00f3n de entrada para eventos HCI del controlador podr\\u00eda provocar una corrupci\\u00f3n de la memoria fuera de los l\\u00edmites y un bloqueo. Este problema requiere un controlador Bluetooth da\\u00f1ado o falso y, por lo tanto, se considera de baja gravedad. Este problema afecta a Apache NimBLE: hasta la versi\\u00f3n 1.7.0. Se recomienda a los usuarios que actualicen a la versi\\u00f3n 1.8.0, que soluciona el problema.\"}]",
      "id": "CVE-2024-47249",
      "lastModified": "2024-12-06T11:15:08.340",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 5.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.4}]}",
      "published": "2024-11-26T12:15:19.123",
      "references": "[{\"url\": \"https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/11/26/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-129\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-47249\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-11-26T12:15:19.123\",\"lastModified\":\"2025-07-08T14:17:12.870\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Validation of Array Index vulnerability in Apache NimBLE.\\n\\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\\nThis issue affects Apache NimBLE: through 1.7.0.\\n\\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de validaci\u00f3n incorrecta del \u00edndice de matriz en Apache NimBLE. La falta de validaci\u00f3n de entrada para eventos HCI del controlador podr\u00eda provocar una corrupci\u00f3n de la memoria fuera de los l\u00edmites y un bloqueo. Este problema requiere un controlador Bluetooth da\u00f1ado o falso y, por lo tanto, se considera de baja gravedad. Este problema afecta a Apache NimBLE: hasta la versi\u00f3n 1.7.0. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.8.0, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-129\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.8.0\",\"matchCriteriaId\":\"71BB8957-7DC2-4E02-B560-1526E9758F46\"}]}]}],\"references\":[{\"url\":\"https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\",\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/11/26/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2024/11/26/3\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-11-26T13:09:21.879Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47249\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-26T16:36:16.976066Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-26T16:36:32.062Z\"}}], \"cna\": {\"title\": \"Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Eunkyu Lee\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache NimBLE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.7.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Validation of Array Index vulnerability in Apache NimBLE.\\n\\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\\nThis issue affects Apache NimBLE: through 1.7.0.\\n\\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Validation of Array Index vulnerability in Apache NimBLE.\u003c/p\u003eLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\u003cbr\u003eThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.7.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-129\", \"description\": \"CWE-129 Improper Validation of Array Index\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-12-06T10:15:23.820Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-47249\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-06T10:15:23.820Z\", \"dateReserved\": \"2024-09-23T08:55:51.217Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-11-26T11:16:35.626Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.