CVE-2024-51569

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.This issue requires broken or bogus Bluetooth controller and thus severity is considere...

CVE-2024-47248

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used.This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to v...

CVE-2024-47249

Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.This issue requires broken or bogus Bluetooth controller and thus severity is considered low.This issue affects Apache ...

CVE-2024-47250

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent.This issue requires broken or bogus Bluetooth controller and thus severity is considere...