Vulnerability Details CVE-2024-47249
Improper Validation of Array Index vulnerability in Apache NimBLE.
Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.9%
CVSS Severity
CVSS v3 Score 5.0
References
Products affected by CVE-2024-47249
-
cpe:2.3:a:apache:nimble:1.0.0
-
cpe:2.3:a:apache:nimble:1.1.0
-
cpe:2.3:a:apache:nimble:1.2.0
-
cpe:2.3:a:apache:nimble:1.3.0
-
cpe:2.3:a:apache:nimble:1.4.0
-
cpe:2.3:a:apache:nimble:1.5.0
-
cpe:2.3:a:apache:nimble:1.6.0
-
cpe:2.3:a:apache:nimble:1.7.0