PT-2024-34712 · Apache · Apache Nimble

Eunkyu Lee · Published 2024-11-26 · Updated 2025-07-08 · CVE-2024-51569

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.7.0

Description: The issue is an out-of-bounds read vulnerability in Apache NimBLE. It is caused by missing validation of the HCI Number Of Completed Packets event, which could lead to out-of-bounds access when parsing HCI events and an invalid read from HCI transport memory. This issue requires a broken or bogus Bluetooth controller and is considered low severity.

Recommendations: Users of Apache NimBLE versions through 1.7.0 are recommended to upgrade to version 1.8.0, which fixes the issue.
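
The kind of length check the description refers to, as an added example (not NimBLE's code and not the 1.8.0 patch): a parser for the Number Of Completed Packets event parameters that rejects a handle count larger than the data actually received. The layout (Num_Handles, then 4-byte handle/count pairs, little-endian) follows the Bluetooth Core Specification; all function names, types and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NCP_ENTRY_SIZE 4u   /* Connection_Handle (2) + Num_Completed_Packets (2) */

struct ncp_entry { uint16_t handle; uint16_t completed; };

/* Constructed samples: a well-formed event, and one whose count overstates its length. */
const uint8_t ncp_good[]  = { 0x02, 0x01, 0x00, 0x03, 0x00, 0x02, 0x00, 0x01, 0x00 };
const uint8_t ncp_short[] = { 0x05, 0x01, 0x00, 0x03, 0x00 };

static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Decode event parameters (params/len as received from the transport) into out.
 * Returns the number of entries, or -1 if the event is malformed. */
int ncp_parse(const uint8_t *params, size_t len, struct ncp_entry *out, size_t out_cap)
{
    if (params == NULL || out == NULL || len < 1)
        return -1;

    size_t count = params[0];   /* Num_Handles: controller-supplied, untrusted */

    /* Compare the claimed count with the bytes that actually arrived before
     * touching any entry; without this the loop reads past the buffer. */
    if (count * NCP_ENTRY_SIZE > len - 1 || count > out_cap)
        return -1;

    for (size_t i = 0; i < count; i++) {
        const uint8_t *e = params + 1 + i * NCP_ENTRY_SIZE;
        out[i].handle = rd_le16(e) & 0x0FFF;   /* 12 significant bits */
        out[i].completed = rd_le16(e + 2);
    }
    return (int)count;
}

int main(void)
{
    struct ncp_entry e[8];
    printf("good:  %d\n", ncp_parse(ncp_good, sizeof ncp_good, e, 8));
    printf("short: %d\n", ncp_parse(ncp_short, sizeof ncp_short, e, 8));
    return 0;
}
```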

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2024-51569

Affected Products

Apache Nimble