Lucene search
+L

266 matches found

CVE
CVE
added 2024/11/26 11:17 a.m.79 views

CVE-2024-51569

CVE-2024-51569 affects Apache NimBLE (through 1.7.0). The root cause is missing validation of HCI Number Of Completed Packets, leading to an out-of-bounds read while parsing HCI events and reading from HCI transport memory. The issue requires a broken/bogus Bluetooth controller to trigger the fau...

7.5CVSS6.5AI score0.01155EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2024/11/26 11:17 a.m.4 views

CVE-2024-51569

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is...

7.5CVSS7.2AI score0.01155EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/26 11:17 a.m.24 views

CVE-2024-51569 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is...

0.01155EPSS
Exploits0References2
OSV
OSV
added 2024/11/26 11:17 a.m.6 views

CVE-2024-51569 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is...

7.5CVSS6AI score0.01155EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/26 11:17 a.m.18 views

CVE-2024-47250 Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is...

0.00664EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/26 11:17 a.m.13 views

CVE-2024-47250 Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is...

7.1AI score0.00664EPSS
Exploits0References3
CVE
CVE
added 2024/11/26 11:17 a.m.57 views

CVE-2024-47250

CVE-2024-47250 affects Apache NimBLE (through 1.7.0). The issue is an out-of-bounds read caused by missing validation of the HCI advertising report, which can trigger out-of-bound access while parsing HCI events and may generate bogus GAP “device found” events. The vulnerability requires a broken...

5CVSS6.6AI score0.00664EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2024/11/26 11:17 a.m.4 views

CVE-2024-47250

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is...

5CVSS7.3AI score0.00664EPSS
Exploits0References4
OSV
OSV
added 2024/11/26 11:17 a.m.9 views

CVE-2024-47250 Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is...

5CVSS6AI score0.00664EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/11/26 11:16 a.m.24 views

CVE-2024-47249 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler

Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects...

0.00597EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/26 11:16 a.m.14 views

CVE-2024-47249 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler

Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects...

7.4AI score0.00597EPSS
Exploits0References2
CVE
CVE
added 2024/11/26 11:16 a.m.63 views

CVE-2024-47249

CVE-2024-47249 affects Apache NimBLE up to version 1.7.0. The issue is improper validation of array indices for HCI events from the Bluetooth controller, which can cause out-of-bounds memory corruption and crashes. Upgrading to NimBLE 1.8.0 is recommended and fixes the issue. No exploitation deta...

5CVSS6.9AI score0.00597EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/11/26 11:16 a.m.5 views

CVE-2024-47249 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler

Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects...

5CVSS6AI score0.00597EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2024/11/26 11:16 a.m.7 views

CVE-2024-47249

Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects...

5CVSS7.5AI score0.00597EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/26 11:15 a.m.33 views

CVE-2024-47248 Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to...

0.00692EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/26 11:15 a.m.15 views

CVE-2024-47248 Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to...

7.3AI score0.00692EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2024/11/26 11:15 a.m.6 views

CVE-2024-47248

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to...

6.3CVSS7.5AI score0.00692EPSS
Exploits0References3
CVE
CVE
added 2024/11/26 11:15 a.m.73 views

CVE-2024-47248

Apache NimBLE

6.3CVSS6.8AI score0.00692EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/11/26 11:15 a.m.9 views

CVE-2024-47248 Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to...

6.3CVSS6AI score0.00692EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.6 views

Apache NimBLE 安全漏洞

Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. A security vulnerability exists in Apache NimBLE 1.7.0 and prior versions, which...

5CVSS6.8AI score0.00597EPSS
Exploits0References2
Rows per page
Query Builder