CVE-2024-48982
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Nov 20, 2024
Updated: Nov 25, 2024
CWE ID 120
Summary
CVE-2024-48982 is a vulnerability affecting Mbed OS 6.16.0. The issue lies in the HCI parsing software, which fails to ensure that the length of certain HCI packets is sufficient before attempting to read them. If a packet with an insufficient length is supplied, a buffer overflow occurs in a dynamically allocated buffer. Moreover, large length values can cause an integer overflow. Although this vulnerability is trivial to exploit for a denial-of-service attack, it is unclear whether it can be used to gain further system access.
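The class of check the summary describes as missing, shown as an added example (not Mbed OS code and not the affected function): a length-validated parse of an HCI ACL data packet, using the header layout from the Bluetooth Core specification. The choice of the ACL packet type and the names `parse_acl`, `accepts` and `acl_pkt_t` are assumptions made for illustration; the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HCI_ACL_HDR_LEN 4u /* handle+flags (2) + data total length (2), little-endian */

typedef struct { uint16_t handle; uint16_t data_len; uint8_t *data; } acl_pkt_t;

/* Returns 0 on success, -1 if the packet is truncated or its length field lies. */
int parse_acl(const uint8_t *buf, size_t received, acl_pkt_t *out)
{
    if (buf == NULL || out == NULL || received < HCI_ACL_HDR_LEN)
        return -1;                          /* header itself is incomplete */

    uint16_t hf  = (uint16_t)(buf[0] | (buf[1] << 8));
    uint16_t len = (uint16_t)(buf[2] | (buf[3] << 8));

    /* Compare against the bytes that remain, in size_t. Computing
     * (uint16_t)(len + HCI_ACL_HDR_LEN) instead would wrap for len >= 0xFFFC. */
    if ((size_t)len > received - HCI_ACL_HDR_LEN)
        return -1;                          /* declared length exceeds what arrived */

    out->data = malloc(len ? len : 1);      /* avoid a zero-size allocation */
    if (out->data == NULL)
        return -1;
    memcpy(out->data, buf + HCI_ACL_HDR_LEN, len);
    out->handle   = hf & 0x0FFF;            /* low 12 bits are the connection handle */
    out->data_len = len;
    return 0;
}

/* Helper: 1 if the packet parses, 0 if it is rejected. */
int accepts(const uint8_t *pkt, size_t n)
{
    acl_pkt_t p;
    if (parse_acl(pkt, n, &p) != 0) return 0;
    free(p.data);
    return 1;
}

/* Constructed samples, not captured traffic. */
static const uint8_t ok_pkt[]    = {0x01, 0x20, 0x03, 0x00, 0xAA, 0xBB, 0xCC};
static const uint8_t short_pkt[] = {0x01, 0x20, 0x10, 0x00, 0xAA}; /* claims 16, carries 1 */
static const uint8_t huge_pkt[]  = {0x01, 0x20, 0xFF, 0xFF, 0xAA}; /* claims 65535 */

int main(void)
{
    printf("ok=%d short=%d huge=%d\n", accepts(ok_pkt, sizeof ok_pkt),
           accepts(short_pkt, sizeof short_pkt), accepts(huge_pkt, sizeof huge_pkt));
    return 0;
}
```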
Affected Products
- O S