Lucene search
K

6 matches found

CVE
CVE
added 2022/05/03 8:22 p.m.78 views

CVE-2021-27435

CVE-2021-27435 affects ARM Mbed OS 6.3.0. It is due to an integer wrap-around in malloc_wrapper, enabling arbitrary memory allocation and potentially causing a crash or remote code execution. Exploitation status is not detailed in the provided documents, and there is no known public exploit per t...

9.8CVSS8.7AI score0.01691EPSS
CVE
CVE
added 2024/11/20 12:0 a.m.57 views

CVE-2024-48983

CVE-2024-48983 (MBed OS 6.16.0) describes a denial-of-service risk caused by an integer overflow during HCI packet length handling. The code computes packet size by reading two header bytes, allocates a buffer as body length plus header length, and then increments by sizeof(wsfMsg_t). This can pr...

7.5CVSS7.5AI score0.00436EPSS
CVE
CVE
added 2024/11/20 12:0 a.m.54 views

CVE-2024-48986

CVE-2024-48986 affects MBed OS 6.16.0: the HCI parsing code determines packet lengths by reading a header byte, allocates a buffer based on event type, and then copies header-specified data into that buffer, potentially causing a buffer overflow. The impact is described as trivial for denial of s...

7.5CVSS7.1AI score0.00463EPSS
CVE
CVE
added 2024/11/20 12:0 a.m.53 views

CVE-2024-48982

MBed OS 6.16.0 contains a vulnerability in the HCI packet length parsing. The hci parsing software reads a length byte from the packet header and assumes it is >= 3, but does not enforce this. If length

7.5CVSS7.3AI score0.00463EPSS
CVE
CVE
added 2024/11/20 12:0 a.m.50 views

CVE-2024-48981

Summary: MBed OS 6.16.0 contains a vulnerability in HCI packet processing. The code path that determines the packet header length during HCI input (function hciTrSerialRxIncoming) does not discard packets with invalid identifiers and does not set a safe default for unknown header lengths. This ca...

7.5CVSS7.6AI score0.00347EPSS
CVE
CVE
added 2024/11/20 12:0 a.m.49 views

CVE-2024-48985

MBed OS 6.16.0 is affected by a buffer overflow in HCI packet processing. When reading the packet length from the first two bytes, the code allocates a buffer sized to the packet body plus header; if allocation fails due to an oversized packet, there is no proper error handling and hciTrSerialRxI...

7.5CVSS7.3AI score0.00367EPSS