Lucene search

ApacheCVE-2024-24746

HistoryApr 06, 2024 - 12:15 p.m.

CVE-2024-24746

2024-04-0612:15:08

CWE-835

apache

web.nvd.nist.gov

cve-2024-24746

apache nimble

gatt operation

denial of service

bluetooth stack

upgrade

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

15.5%

JSON

Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability in Apache NimBLE.

Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.

This issue affects Apache NimBLE: through 1.6.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.

Affected configurations

Vulners

Vulnrichment

Node

apachenimbleRange≤1.6.0

VendorProductVersionCPE
apachenimble*cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	nimble	*	cpe:2.3:a:apache:nimble::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache NimBLE",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.6.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.openwall.com/lists/oss-security/2024/04/05/2

github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594

lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for CVE-2024-24746