PT-2024-20526 · Apache · Apache Nimble

Baptiste Boyer +1 · Published 2024-04-05 · Updated 2024-08-22 · CVE-2024-24746

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.6.0

Description: A specially crafted GATT operation can cause an infinite loop in the GATT server, leading to a denial of service in the Bluetooth stack or device.

Recommendations: For Apache NimBLE versions through 1.6.0, upgrade to version 1.7.0 to fix the issue. As a temporary workaround, consider restricting the use of the GATT operation to minimize the risk of exploitation.

Fix

Infinite Loop

Weakness Enumeration

Related Identifiers

CVE-2024-24746

Affected Products

Apache Nimble