Severity: important
Affected versions:
- Apache NimBLE through 1.7.0
Description:
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
vulnerability in Apache NimBLE.
Specially crafted MESH message could result in memory corruption when
non-default build configuration is used.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Credit:
Wei Che Kao (Xiaobye), graduate student from National Yang Ming Chiao Tung
University, Dept. of CS, Security and Systems Lab. (reporter)
References:
https://mynewt.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-47248
