CVE-2024-48984

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 20, 2024
Updated: Nov 25, 2024
CWE ID 120

Summary

CVE-2024-48984 is a vulnerability affecting Mbed OS 6.16.0. The issue lies in the HCI parsing code, which determines the length of each HCI report by reading a length byte from the input stream, then uses that length to compute the start of the next report, and so on. There is no validation that these computed addresses lie within the buffer, so a length field may be read from outside it. When reports are copied, the length field of the previous report is overwritten, leaving a corrupted length field; that corrupted length is then used for a memcpy into the new buffer, which can cause a buffer overflow.
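The missing check described above is a bounds test on every length field before it is used to advance through the stream or to size a memcpy. The following is an added example, not Mbed OS code: it walks a stream of length-prefixed reports (one length byte followed by that many payload bytes, a simplified format assumed here) and rejects any report whose length field would reach outside the input or exceed a hypothetical per-report cap.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_REPORTS     4
#define MAX_REPORT_LEN 31   /* hypothetical cap on one report's payload */

typedef struct {
    uint8_t len;
    uint8_t data[MAX_REPORT_LEN];
} hci_report_t;

/* Parse length-prefixed reports from buf into out.
 * Returns the number of reports parsed, or -1 if any length field
 * would run past the end of buf, exceed MAX_REPORT_LEN, or overflow out. */
int parse_hci_reports(const uint8_t *buf, size_t buf_len,
                      hci_report_t *out, size_t max_out)
{
    size_t pos = 0, count = 0;

    while (pos < buf_len) {               /* buf[pos] is readable here */
        uint8_t len = buf[pos];
        size_t payload_start = pos + 1;   /* <= buf_len, so no underflow below */

        if (len > buf_len - payload_start) return -1;  /* report overruns input */
        if (len > MAX_REPORT_LEN)          return -1;  /* report overruns dest */
        if (count >= max_out)              return -1;  /* too many reports */

        out[count].len = len;
        memcpy(out[count].data, buf + payload_start, len);
        count++;
        pos = payload_start + len;        /* next report starts after payload */
    }
    return (int)count;
}

/* Constructed sample streams, not captured from a real device. */
static const uint8_t GOOD_STREAM[] = { 0x03, 0xAA, 0xBB, 0xCC, 0x01, 0xDD };
/* Second length byte claims 16 payload bytes but only 2 remain. */
static const uint8_t BAD_STREAM[]  = { 0x02, 0x11, 0x22, 0x10, 0x33, 0x44 };

int parse_good(void)
{
    hci_report_t r[MAX_REPORTS];
    return parse_hci_reports(GOOD_STREAM, sizeof GOOD_STREAM, r, MAX_REPORTS);
}

int parse_bad(void)
{
    hci_report_t r[MAX_REPORTS];
    return parse_hci_reports(BAD_STREAM, sizeof BAD_STREAM, r, MAX_REPORTS);
}
```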
