PT-2024-32494 · Apache · Apache Nimble
Eunkyu Lee · Published 2024-11-26 · Updated 2025-07-08 · CVE-2024-47249
CVSS v3.1: 5.0 (Medium)
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Apache NimBLE versions through 1.7.0
Description
Apache NimBLE does not properly validate array indices in HCI events received from the controller. Because this input is not validated, a malformed event could cause out-of-bounds memory corruption and a crash. Triggering the problem requires a broken or bogus Bluetooth controller, and the issue is considered low severity.
Recommendations
For Apache NimBLE versions through 1.7.0, users are recommended to upgrade to version 1.8.0, which fixes the issue.
Fix
Improper Validation of Array Index
Weakness Enumeration
Related Identifiers
Affected Products
Apache Nimble