CVE-2024-24746: Apache NimBLE: Denial of service in NimBLE Bluetooth stack

Szymon Janc Fri, 05 Apr 2024 00:20:16 -0700

Severity: important

Affected versions:


- Apache NimBLE through 1.6.0

Description:

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache 
NimBLE. 

Specially crafted GATT operation can cause infinite loop in GATT server leading 
to denial of service in Bluetooth stack or device.

This issue affects Apache NimBLE: through 1.6.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Credit:

Iván Arce from Quarkslab Vulnerability Reports team (reporter)

References:

https://mynewt.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-24746

CVE-2024-24746: Apache NimBLE: Denial of service in NimBLE Bluetooth stack

Reply via email to