Home > Vulnerability Database > CVE-2024-51569

Mend.io Vulnerability Database

CVE-2024-51569

Date: November 26, 2024

Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.

Language: C

Severity Score

2.9

Related Resources (5)

Url: https://github.com/apache/mynewt-nimble/commit/4e3ac5b6e7c7df63a594c4ff6839e266b4ccfed9

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-51569

Url: http://www.openwall.com/lists/oss-security/2024/11/26/5

Url: https://lists.apache.org/thread/q0vs5rddx1lho30xnpsrvpzgxqmywnhs

Url: https://www.mend.io/vulnerability-database/CVE-2024-51569

Severity Score

2.9

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	2.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-51569

Date: November 26, 2024

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?