CVE-2024-47248

CVE-2024-47248: Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack

Vendor Apache Software Foundation

Product Apache NimBLE

Weakness CWE-120

Published November 26, 2024

Last update December 6, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Key dates

Disclosure timeline

November 26, 2024 CVE published

December 6, 2024 Record updated