266 matches found
CVE-2024-51569
CVE-2024-51569 affects Apache NimBLE (through 1.7.0). The root cause is missing validation of HCI Number Of Completed Packets, leading to an out-of-bounds read while parsing HCI events and reading from HCI transport memory. The issue requires a broken/bogus Bluetooth controller to trigger the fau...
CVE-2024-51569
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is...
CVE-2024-51569 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is...
CVE-2024-51569 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is...
CVE-2024-47250 Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is...
CVE-2024-47250 Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is...
CVE-2024-47250
CVE-2024-47250 affects Apache NimBLE (through 1.7.0). The issue is an out-of-bounds read caused by missing validation of the HCI advertising report, which can trigger out-of-bound access while parsing HCI events and may generate bogus GAP “device found” events. The vulnerability requires a broken...
CVE-2024-47250
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is...
CVE-2024-47250 Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is...
CVE-2024-47249 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects...
CVE-2024-47249 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects...
CVE-2024-47249
CVE-2024-47249 affects Apache NimBLE up to version 1.7.0. The issue is improper validation of array indices for HCI events from the Bluetooth controller, which can cause out-of-bounds memory corruption and crashes. Upgrading to NimBLE 1.8.0 is recommended and fixes the issue. No exploitation deta...
CVE-2024-47249 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects...
CVE-2024-47249
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects...
CVE-2024-47248 Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack
Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to...
CVE-2024-47248 Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack
Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to...
CVE-2024-47248
Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to...
CVE-2024-47248
Apache NimBLE
CVE-2024-47248 Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack
Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to...
Apache NimBLE 安全漏洞
Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. A security vulnerability exists in Apache NimBLE 1.7.0 and prior versions, which...