CVE-2024-47248
Severity
6.3 MEDIUM
EPSS
0.0%
top 89.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Nov 26
Description
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.
Specially crafted MESH message could result in memory corruption when non-default build configuration is used.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4
Affected Packages: 2 packages
Patches
Vulnerability Details (2)
Vendor Advisories (1)
Oracle: Oracle Financial Services Applications Risk Matrix: Installer (PyArrow) — CVE-2023-47248, 2024-07-15