Apache NimBLE:缺乏输入清理,导致多个广告处理程序中出现越界读取(CVE-2024-47249)
CVE编号
CVE-2024-47249
利用情况
暂无
补丁情况
N/A
披露时间
2024-11-26
漏洞描述
Improper Validation of Array Index vulnerability in Apache NimBLE.
Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
文章评论