CVE-2024-48981

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 20, 2024
Updated: Nov 25, 2024
CWE ID 120

Summary

CVE-2024-48981 is a vulnerability affecting Mbed OS 6.16.0. The issue lies in the handling of HCI packets: the software fails to drop packets with invalid identifiers and does not set a safe default for unknown packet header lengths. This leads to a buffer overflow that lets an attacker overwrite the pointer to a not-yet-allocated buffer and the state variable the function uses for packet parsing. By manipulating the packet header length and advancing to the next step of packet processing without proper buffer allocation, an attacker can write arbitrary data to memory, potentially leading to code execution or other serious consequences.
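The two missing checks named above, validating the packet indicator before any header length is trusted and using a safe default for unknown types, look like this in an illustrative HCI header parser. This is an added example, not Mbed OS code; the indicator values and header sizes follow the Bluetooth Core Specification, while the result enum, struct names and the 1024-byte receive limit are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* HCI packet indicators (UART transport) and their fixed header sizes,
 * per the Bluetooth Core Specification. */
#define HCI_CMD 0x01
#define HCI_ACL 0x02
#define HCI_SCO 0x03
#define HCI_EVT 0x04
#define HCI_ISO 0x05
#define HCI_MAX_PAYLOAD 1024u   /* constructed receive-buffer limit */

typedef enum { HCI_OK = 0, HCI_DROP_BAD_TYPE, HCI_DROP_SHORT, HCI_DROP_TOO_LONG } hci_result;

typedef struct { uint8_t type; uint8_t hdr_len; uint16_t payload_len; } hci_header;

/* Header length for a packet indicator. Unknown indicators return 0, the
 * safe default, so a caller can never size a buffer from an unchecked type. */
static uint8_t hci_header_len(uint8_t type)
{
    switch (type) {
    case HCI_CMD: case HCI_SCO: return 3;  /* opcode or handle (2) + len (1) */
    case HCI_EVT:               return 2;  /* event code (1) + len (1) */
    case HCI_ACL: case HCI_ISO: return 4;  /* handle (2) + len (2) */
    default:                    return 0;
    }
}

/* Validate indicator, header completeness and payload length before the
 * parser state advances or any buffer is allocated or written. */
hci_result hci_parse_header(const uint8_t *in, size_t n, hci_header *out)
{
    if (n < 1) return HCI_DROP_SHORT;
    uint8_t hl = hci_header_len(in[0]);
    if (hl == 0) return HCI_DROP_BAD_TYPE;     /* invalid identifier: drop packet */
    if (n < 1u + hl) return HCI_DROP_SHORT;    /* header not fully received yet */
    uint16_t plen;
    switch (in[0]) {
    case HCI_ACL: plen = (uint16_t)(in[3] | (in[4] << 8)); break;
    case HCI_ISO: plen = (uint16_t)((in[3] | (in[4] << 8)) & 0x3FFF); break; /* 14-bit */
    case HCI_EVT: plen = in[2]; break;
    default:      plen = in[3]; break;         /* CMD, SCO */
    }
    if (plen > HCI_MAX_PAYLOAD) return HCI_DROP_TOO_LONG;
    out->type = in[0]; out->hdr_len = hl; out->payload_len = plen;
    return HCI_OK;
}
```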
