{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47249", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-09-23T08:55:51.217Z", "datePublished": "2024-11-26T11:16:35.626Z", "dateUpdated": "2024-12-06T10:15:23.820Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache NimBLE", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.7.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Eunkyu Lee"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Improper Validation of Array Index vulnerability in Apache NimBLE.</p>Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.<br>This issue requires broken or bogus Bluetooth controller and thus severity is considered low.<br><p>This issue affects Apache NimBLE: through 1.7.0.</p><p>Users are recommended to upgrade to version 1.8.0, which fixes the issue.</p>"}], "value": "Improper Validation of Array Index vulnerability in Apache NimBLE.\n\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-12-06T10:15:23.820Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq"}, {"tags": ["patch"], "url": "https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/11/26/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-26T13:09:21.879Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-26T16:36:16.976066Z", "id": "CVE-2024-47249", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T16:36:38.822Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/11/26/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-26T13:09:21.879Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-47249", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-26T16:36:16.976066Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T16:36:32.062Z"}}], "cna": {"title": "Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Eunkyu Lee"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache NimBLE", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.7.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq", "tags": ["vendor-advisory"]}, {"url": "https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Validation of Array Index vulnerability in Apache NimBLE.\n\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Improper Validation of Array Index vulnerability in Apache NimBLE.</p>Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.<br>This issue requires broken or bogus Bluetooth controller and thus severity is considered low.<br><p>This issue affects Apache NimBLE: through 1.7.0.</p><p>Users are recommended to upgrade to version 1.8.0, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-12-06T10:15:23.820Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47249", "state": "PUBLISHED", "dateUpdated": "2024-12-06T10:15:23.820Z", "dateReserved": "2024-09-23T08:55:51.217Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-11-26T11:16:35.626Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*", "matchCriteriaId": "71BB8957-7DC2-4E02-B560-1526E9758F46", "versionEndExcluding": "1.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Validation of Array Index vulnerability in Apache NimBLE.\n\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de validaci\u00f3n incorrecta del \u00edndice de matriz en Apache NimBLE. La falta de validaci\u00f3n de entrada para eventos HCI del controlador podr\u00eda provocar una corrupci\u00f3n de la memoria fuera de los l\u00edmites y un bloqueo. Este problema requiere un controlador Bluetooth da\u00f1ado o falso y, por lo tanto, se considera de baja gravedad. Este problema afecta a Apache NimBLE: hasta la versi\u00f3n 1.7.0. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.8.0, que soluciona el problema."}], "id": "CVE-2024-47249", "lastModified": "2025-07-08T14:17:12.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-26T12:15:19.123", "references": [{"source": "security@apache.org", "tags": ["Patch"], "url": "https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1"}, {"source": "security@apache.org", "tags": ["Vendor Advisory", "Mailing List"], "url": "https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/11/26/3"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "security@apache.org", "type": "Secondary"}]}

{}

{}