CVE-2024-24746: Apache NimBLE: Denial of service in NimBLE Bluetooth stack

Vendor: Apache Software Foundation
Product: Apache NimBLE
Weakness: CWE-835
Published: April 6, 2024
Last update: February 13, 2025

What the vulnerability does

Description

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. A specially crafted GATT operation can cause an infinite loop in the GATT server, leading to denial of service in the Bluetooth stack or device. This issue affects Apache NimBLE through 1.6.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Key dates

Disclosure timeline

April 6, 2024: CVE published
February 13, 2025: Record updated