CVE-2024-24746 - Vulnerability Details - OpenCVE

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE.

Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.

This issue affects Apache NimBLE: through 1.6.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Apache	Nimble

Configuration 1 [-]

cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-22145	Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/04/05/2
https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594
https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078

History

Thu, 13 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apache Apache nimble
CPEs		cpe:2.3:a:apache:nimble::::::::
Vendors & Products		Apache Apache nimble
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 22 Aug 2024 15:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-04-06T11:56:07.232Z

Updated: 2025-02-13T17:40:20.471Z

Reserved: 2024-01-29T10:30:51.628Z

Link: CVE-2024-24746

Vulnrichment

Updated: 2024-08-01T23:28:11.886Z

NVD

Status : Analyzed

Published: 2024-04-06T12:15:08.310

Modified: 2025-06-17T20:45:18.740

Link: CVE-2024-24746

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24746", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-01-29T10:30:51.628Z", "datePublished": "2024-04-06T11:56:07.232Z", "dateUpdated": "2025-02-13T17:40:20.471Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache NimBLE", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.6.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Baptiste Boyer from Quarkslab Vulnerability Reports team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. <br><br>Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.<br><br><span style=\"background-color: var(--wht);\">This issue affects Apache NimBLE: through 1.6.0.<br></span><span style=\"background-color: var(--wht);\">Users are recommended to upgrade to version 1.7.0, which fixes the issue.</span>"}], "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE.\u00a0\n\nSpecially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.\n\nThis issue affects Apache NimBLE: through 1.6.0.\nUsers are recommended to upgrade to version 1.7.0, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-05-01T18:08:25.113Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078"}, {"tags": ["patch"], "url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/05/2"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache NimBLE: Denial of service in NimBLE Bluetooth stack", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:11.886Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078"}, {"tags": ["patch", "x_transferred"], "url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594"}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/05/2", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-835", "lang": "en", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "affected": [{"vendor": "apache", "product": "nimble", "cpes": ["cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.6.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-22T13:32:29.634730Z", "id": "CVE-2024-24746", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T13:35:06.889Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594", "tags": ["patch", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/05/2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:11.886Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-24746", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-22T13:32:29.634730Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*"], "vendor": "apache", "product": "nimble", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.6.0"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T13:33:17.559Z"}}], "cna": {"title": "Apache NimBLE: Denial of service in NimBLE Bluetooth stack", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Baptiste Boyer from Quarkslab Vulnerability Reports team"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "important"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache NimBLE", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.6.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078", "tags": ["vendor-advisory"]}, {"url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594", "tags": ["patch"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/04/05/2"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE.\u00a0\n\nSpecially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.\n\nThis issue affects Apache NimBLE: through 1.6.0.\nUsers are recommended to upgrade to version 1.7.0, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. <br><br>Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.<br><br><span style=\"background-color: var(--wht);\">This issue affects Apache NimBLE: through 1.6.0.<br></span><span style=\"background-color: var(--wht);\">Users are recommended to upgrade to version 1.7.0, which fixes the issue.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-05-01T18:08:25.113Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24746", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:40:20.471Z", "dateReserved": "2024-01-29T10:30:51.628Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-04-06T11:56:07.232Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*", "matchCriteriaId": "886F6C28-EF8D-4F3F-97FB-6221D6322B55", "versionEndExcluding": "1.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE.\u00a0\n\nSpecially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.\n\nThis issue affects Apache NimBLE: through 1.6.0.\nUsers are recommended to upgrade to version 1.7.0, which fixes the issue."}, {"lang": "es", "value": "Bucle con vulnerabilidad de condici\u00f3n de salida inalcanzable (\"bucle infinito\") en Apache NimBLE. La operaci\u00f3n GATT especialmente manipulada puede causar un bucle infinito en el servidor GATT que lleva a la denegaci\u00f3n de servicio en la pila o dispositivo Bluetooth. Este problema afecta a Apache NimBLE: hasta 1.6.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.7.0, que soluciona el problema."}], "id": "CVE-2024-24746", "lastModified": "2025-06-17T20:45:18.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-06T12:15:08.310", "references": [{"source": "security@apache.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/05/2"}, {"source": "security@apache.org", "tags": ["Patch"], "url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/04/05/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-835"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}