CVE-2024-47248
- Source
- https://cve.org/CVERecord?id=CVE-2024-47248
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47248.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-47248
- Published
- 2024-11-26T12:15:19.007Z
- Modified
- 2026-04-12T09:38:27.414828Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.
Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
- References
Affected packages
Git / github.com/apache/mynewt-nimble
Affected versions
Other
nimble_1_5_0_rc1_tag
nimble_1_5_0_tag
nimble_1_6_0_rc1_tag
nimble_1_6_0_tag
nimble_1_7_0_rc1_tag
nimble_1_7_0_tag
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47248.json"
vanir_signatures_modified
"2026-04-12T09:38:27Z"
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 245.0,
"function_hash": "230280845175757567461421694865095037775"
},
"source": "https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa",
"id": "CVE-2024-47248-3d186b5e",
"signature_type": "Function",
"target": {
"function": "pb_adv_init",
"file": "nimble/host/mesh/src/pb_adv.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"179230251640405652593823843624718322049",
"208930745748693436423409710197672363026",
"255694981456333338041418283779508562039",
"27098335575085465032805748592728744434",
"179183088004213350825934099371213090724",
"45849850707538671624957992623793947613",
"200095944061272487208907264619755914622",
"205425491690587406867853572341551327786",
"27794071222454208548413571031235531368",
"35568718359506840463477933059408578997",
"137920408056414380907363244931118002200",
"45627223048483779038732452265560250023",
"45849850707538671624957992623793947613",
"200095944061272487208907264619755914622"
]
},
"source": "https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa",
"id": "CVE-2024-47248-6d763609",
"signature_type": "Line",
"target": {
"file": "nimble/host/mesh/src/pb_adv.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 543.0,
"function_hash": "275173413536812125388486536657466610588"
},
"source": "https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa",
"id": "CVE-2024-47248-9cddc0ee",
"signature_type": "Function",
"target": {
"function": "reset_adv_link",
"file": "nimble/host/mesh/src/pb_adv.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1499.0,
"function_hash": "126795949624981165867665649811877056607"
},
"source": "https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa",
"id": "CVE-2024-47248-c9dfece9",
"signature_type": "Function",
"target": {
"function": "gen_prov_cont",
"file": "nimble/host/mesh/src/pb_adv.c"
}
}
]