CVE-2024-51569

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-51569

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51569.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-51569

Published

2024-11-26T12:15:21Z

Modified

2025-01-15T05:16:17.018502Z

Summary

[none]

Details

Out-of-bounds Read vulnerability in Apache NimBLE.

Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

References

Affected packages

Git / github.com/apache/mynewt-nimble

Affected ranges

Type: GIT
Repo: https://github.com/apache/mynewt-nimble
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4e3ac5b6e7c7df63a594c4ff6839e266b4ccfed9

Affected versions

Other

nimble_1_5_0_rc1_tag

nimble_1_5_0_tag

nimble_1_6_0_rc1_tag

nimble_1_6_0_tag

nimble_1_7_0_rc1_tag

nimble_1_7_0_tag