CVE-2024-48983
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-48983 is a vulnerability in Mbed OS 6.16.0 in the way HCI packets are processed. The software reads the packet data length from the first two bytes of the header, then allocates a buffer for the entire packet sized as that length plus the header length plus sizeof(wsfMsg_t). If that sum is computed in a type too narrow to hold it, the addition wraps (an integer overflow), and the allocated buffer is smaller than the packet that is then copied into it. An attacker who can deliver maliciously crafted HCI packets (the two-byte length field allows payloads of up to about 65 KB) can overflow the buffer and crash the device, causing a denial of service. Because the buffer is dynamically allocated, the overflow is limited to a crash and is not considered reliably usable for further exploitation.
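The following C program is an added model of the length arithmetic described in the summary; it is written for this page and is not Mbed OS or Cordio source. The `model_wsf_msg_t` struct, the 4-byte header with a little-endian length field, and the function names are all assumptions chosen to illustrate the pattern: `vuln_alloc_size` shows the sum truncated to 16 bits, and `process_packet` shows the hardened path that widens the arithmetic and rejects lengths the transport cannot carry.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the wsfMsg_t header the summary mentions.
 * The real Mbed OS / Cordio layout is not reproduced here. */
typedef struct {
    uint16_t len;
    uint8_t  handler_id;
    uint8_t  event;
} model_wsf_msg_t;

/* Assumed header layout: 2-byte little-endian payload length + 2 more bytes. */
#define HCI_HDR_LEN 4u

/* Assumed little-endian length field in the first two header bytes. */
static uint16_t read_payload_len(const uint8_t *hdr)
{
    return (uint16_t)(hdr[0] | ((unsigned)hdr[1] << 8));
}

/* Vulnerable pattern: the size sum is truncated to 16 bits, so for payload
 * lengths near 65535 it wraps to a tiny value and malloc returns a buffer
 * far smaller than the bytes copied into it afterwards. */
uint16_t vuln_alloc_size(uint16_t payload_len)
{
    return (uint16_t)(payload_len + HCI_HDR_LEN + sizeof(model_wsf_msg_t));
}

/* True when the wrapped allocation is smaller than what would be copied. */
bool vuln_would_overflow(uint16_t payload_len)
{
    size_t needed = (size_t)payload_len + HCI_HDR_LEN + sizeof(model_wsf_msg_t);
    return (size_t)vuln_alloc_size(payload_len) < needed;
}

/* Hardened: widen before adding and reject lengths above the transport maximum. */
bool safe_alloc_size(uint16_t payload_len, size_t max_payload, size_t *out)
{
    if (payload_len > max_payload)
        return false;
    *out = (size_t)payload_len + HCI_HDR_LEN + sizeof(model_wsf_msg_t);
    return true;
}

/* Hardened receive path: returns the payload length consumed, or -1 for a
 * truncated, oversized or otherwise malformed packet. */
int process_packet(const uint8_t *pkt, size_t pkt_len, size_t max_payload)
{
    if (pkt_len < HCI_HDR_LEN)
        return -1;
    uint16_t payload_len = read_payload_len(pkt);
    if ((size_t)payload_len > pkt_len - HCI_HDR_LEN)   /* claims more than received */
        return -1;
    size_t alloc;
    if (!safe_alloc_size(payload_len, max_payload, &alloc))
        return -1;
    uint8_t *buf = malloc(alloc);
    if (buf == NULL)
        return -1;
    /* Message header first, then HCI header + payload, exactly as sized above. */
    memset(buf, 0, sizeof(model_wsf_msg_t));
    memcpy(buf + sizeof(model_wsf_msg_t), pkt, HCI_HDR_LEN + payload_len);
    free(buf);
    return (int)payload_len;
}

int main(void)
{
    /* Constructed packets: a benign 3-byte payload, and a header claiming 0xFFFF bytes. */
    const uint8_t ok[]   = {0x03, 0x00, 0xAA, 0xBB, 0x11, 0x22, 0x33};
    const uint8_t huge[] = {0xFF, 0xFF, 0xAA, 0xBB, 0x00};

    printf("vulnerable allocation for len=0xFFFF: %u bytes (needed %zu)\n",
           (unsigned)vuln_alloc_size(0xFFFF),
           (size_t)0xFFFF + HCI_HDR_LEN + sizeof(model_wsf_msg_t));
    printf("benign packet -> %d, oversized packet -> %d\n",
           process_packet(ok, sizeof ok, 255), process_packet(huge, sizeof huge, 255));
    return 0;
}
```

The check that matters is the one on the claimed length against both the bytes actually received and the transport's maximum; once that passes, computing the allocation in `size_t` removes the wrap entirely.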
Affected Products
- Mbed OS 6.16.0