PT-2024-32493 · Apache · Apache Nimble
Wei Che Kao +1 · Published 2024-11-26 · Updated 2025-07-08 · CVE-2024-47248
CVSS v3.1: 6.3 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Apache NimBLE versions through 1.7.0
Description
A Buffer Copy without Checking Size of Input, also known as a 'Classic Buffer Overflow', vulnerability in Apache NimBLE could result in memory corruption when a specially crafted MESH message is used and a non-default build configuration is applied. Users are recommended to upgrade to a newer version to fix the issue.
Recommendations
For Apache NimBLE versions through 1.7.0, upgrade to version 1.8.0, which fixes the issue. As a temporary workaround until the upgrade is applied, consider restricting exposure to specially crafted MESH messages to minimize the risk of exploitation.
Fix
Buffer Overflow
Affected Products
Apache Nimble