CVE-2024-47248

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa	Patch
https://lists.apache.org/thread/z8m7jqh54xybf9kz8q2l3tz92zsj7tmz	Vendor Advisory Mailing List
http://www.openwall.com/lists/oss-security/2024/11/26/2	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-26 12:15

Updated : 2025-07-08 14:18

NVD link : CVE-2024-47248

Mitre link : CVE-2024-47248

CVE.ORG link : CVE-2024-47248

JSON object : View

Products Affected

apache

nimble

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2024-47248", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2024-11-26T12:15:19.007", "references": [{"url": "https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread/z8m7jqh54xybf9kz8q2l3tz92zsj7tmz", "tags": ["Vendor Advisory", "Mailing List"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2024/11/26/2", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.\n\nSpecially crafted MESH message could result in memory corruption when non-default build configuration is used.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada ('desbordamiento de b\u00fafer cl\u00e1sico') en Apache NimBLE. Un mensaje MESH especialmente manipulado podr\u00eda provocar una corrupci\u00f3n de la memoria cuando se utiliza una configuraci\u00f3n de compilaci\u00f3n no predeterminada. Este problema afecta a Apache NimBLE: hasta la versi\u00f3n 1.7.0. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.8.0, que soluciona el problema."}], "lastModified": "2025-07-08T14:18:25.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71BB8957-7DC2-4E02-B560-1526E9758F46", "versionEndExcluding": "1.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}