Message-ID: <c04ee654-deff-ce5a-e4c2-4f6ec9c61f08@apache.org>
Date: Tue, 26 Nov 2024 08:16:55 +0000
From: Szymon Janc <janc@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2024-47248: Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack

Severity: important

Affected versions:

- Apache NimBLE through 1.7.0

Description:

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.

Specially crafted MESH message could result in memory corruption when non-default build configuration is used.

This issue affects Apache NimBLE: through 1.7.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Credit:

Wei Che Kao (Xiaobye), graduate student from National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab. (reporter)

References:

https://mynewt.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-47248