CVE-2024-48982

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 20, 2024
Updated: Nov 25, 2024
CWE ID 120

Summary

CVE-2024-48982 is a vulnerability affecting Mbed OS 6.16.0. The issue lies in the HCI parsing software, which fails to ensure that the length of certain HCI packets is sufficient before attempting to read them. If a packet with an insufficient length is supplied, a buffer overflow occurs in a dynamically allocated buffer. Moreover, large length values can cause an integer overflow. Although this vulnerability is trivial to exploit for a denial-of-service attack, it is unclear if it can be used to gain further system access.
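
The two length checks the summary says are missing, shown as an added example that is not Mbed OS code. The packet framing, the constants MIN_PARAM_LEN and META_LEN, the 8-bit size field and both function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed framing for this example (not Mbed OS code): 1-byte event code,
 * 1-byte parameter length, then the parameters. */
#define HDR_LEN       2u
#define MIN_PARAM_LEN 3u  /* assumed: the handler reads 3 parameter bytes */
#define META_LEN      4u  /* assumed: bookkeeping bytes added to the allocation */

typedef enum { HCI_OK, HCI_TRUNCATED, HCI_TOO_SHORT, HCI_TOO_LONG, HCI_NOMEM } hci_status;

/* The failure mode: a size kept in the width of the wire field wraps.
 * 0xFE + 4 yields 2, so the allocation is far smaller than the copy. */
uint8_t wrapped_alloc_size(uint8_t param_len)
{
    return (uint8_t)(param_len + META_LEN);
}

/* Hardened path: every length is checked before any byte is read or copied. */
hci_status hci_copy_event(const uint8_t *pkt, size_t pkt_len,
                          uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (pkt == NULL || pkt_len < HDR_LEN)
        return HCI_TRUNCATED;              /* header itself is incomplete */
    size_t param_len = pkt[1];
    if (param_len > pkt_len - HDR_LEN)
        return HCI_TRUNCATED;              /* declares more than was received */
    if (param_len < MIN_PARAM_LEN)
        return HCI_TOO_SHORT;              /* handler would read past the data */
    if (param_len > (size_t)UINT8_MAX - META_LEN)
        return HCI_TOO_LONG;               /* size would wrap in a uint8_t field */
    size_t total = META_LEN + param_len;   /* computed in size_t, cannot wrap here */
    uint8_t *buf = calloc(1, total);
    if (buf == NULL)
        return HCI_NOMEM;
    memcpy(buf + META_LEN, pkt + HDR_LEN, param_len);
    *out = buf;
    *out_len = total;
    return HCI_OK;
}
```

The caller owns the returned buffer and frees it; on any status other than HCI_OK nothing is allocated.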
