CVE-2024-47250

Name of the Vulnerable Software and Affected Versions Apache NimBLE versions through 1.7.0

Description The issue is an Out-of-bounds Read vulnerability in Apache NimBLE. It is caused by missing proper validation of the HCI advertising report, which could lead to out-of-bound access when parsing an HCI event, resulting in bogus GAP 'device found' events being sent. This issue requires a broken or bogus Bluetooth controller and is considered low severity.

Recommendations For Apache NimBLE versions through 1.7.0, users are recommended to upgrade to version 1.8.0, which fixes the issue. As a temporary workaround, consider restricting the use of the HCI advertising report functionality until the patch is applied.