CVE-2024-47248丨Apache NimBLE：NimBLE MESH 蓝牙堆栈中的缓冲区溢出

2024年11月27日 162点热度 0人点赞 0条评论

CVE编号

CVE-2024-47248

利用情况

暂无

补丁情况

N/A

披露时间

2024-11-26

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.

Specially crafted MESH message could result in memory corruption when non-default build configuration is used.

This issue affects Apache NimBLE: through 1.7.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://www.openwall.com/lists/oss-security/2024/11/26/2
https://lists.apache.org/thread/z8m7jqh54xybf9kz8q2l3tz92zsj7tmz