CVE-2024-24746
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE.
Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.
This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache NimBLE | 0 <= 1.6.0 | affected |
Weaknesses
- CWE-835: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078
- https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594
- http://www.openwall.com/lists/oss-security/2024/04/05/2
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078
- https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594
- http://www.openwall.com/lists/oss-security/2024/04/05/2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.