CVE-2024-47250

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/apache/mynewt-nimble/commit/23d61150ddae4bc8356356d7ef09d816fb89da45	Patch
https://github.com/apache/mynewt-nimble/commit/3b7a32ea09a3bffaab831ee0ab193a2375fc4df6	Patch
https://lists.apache.org/thread/zdb50spojlqbn0yxd866mbzqjt2vpt85	Vendor Advisory Mailing List
http://www.openwall.com/lists/oss-security/2024/11/26/4	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-26 12:15

Updated : 2025-07-08 14:16

NVD link : CVE-2024-47250

Mitre link : CVE-2024-47250

CVE.ORG link : CVE-2024-47250

JSON object : View

Products Affected

apache

nimble

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2024-47250", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.6}]}, "published": "2024-11-26T12:15:19.230", "references": [{"url": "https://github.com/apache/mynewt-nimble/commit/23d61150ddae4bc8356356d7ef09d816fb89da45", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/apache/mynewt-nimble/commit/3b7a32ea09a3bffaab831ee0ab193a2375fc4df6", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread/zdb50spojlqbn0yxd866mbzqjt2vpt85", "tags": ["Vendor Advisory", "Mailing List"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2024/11/26/4", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Out-of-bounds Read vulnerability in Apache NimBLE.\n\nMissing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en Apache NimBLE. La falta de una validaci\u00f3n adecuada del informe de publicidad de HCI podr\u00eda provocar un acceso fuera de los l\u00edmites al analizar un evento de HCI y, por lo tanto, el env\u00edo de eventos de \"dispositivo encontrado\" de GAP falsos. Este problema requiere un controlador Bluetooth roto o falso y, por lo tanto, la gravedad se considera baja. Este problema afecta a Apache NimBLE: hasta 1.7.0. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.8.0, que soluciona el problema."}], "lastModified": "2025-07-08T14:16:34.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71BB8957-7DC2-4E02-B560-1526E9758F46", "versionEndExcluding": "1.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}