CVE-2024-48984
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-48984 is a vulnerability affecting Mbed OS 6.16.0. The issue lies in the HCI parsing software, which determines the length of each HCI report by reading a byte from an input stream. It then uses this length to calculate where the next report begins, and repeats the process for each subsequent report. However, nothing validates that these addresses are within the buffer, so length fields can lie out of bounds. When reports are copied, the length field of the previous report is overwritten, resulting in a corrupted length field. This corrupted length field is then used for a memcpy into the new buffer, potentially causing a buffer overflow.
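The missing checks described above, shown as an added example (not Mbed OS code). It assumes a simplified layout constructed for illustration, one length byte followed by that many payload bytes, and the function name `copy_reports` is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (constructed, not the Mbed OS format): reports are packed
 * back to back, each as one length byte followed by that many payload bytes.
 * in and out are assumed not to overlap. */

/* Copies every report payload from in[0..in_len) into out[0..out_cap).
 * Returns the number of payload bytes copied, or -1 if a report would
 * extend past the input buffer or the copy would overflow the output. */
long copy_reports(const uint8_t *in, size_t in_len,
                  uint8_t *out, size_t out_cap)
{
    size_t pos = 0;      /* offset of the current length byte */
    size_t written = 0;  /* payload bytes placed in out so far */

    while (pos < in_len) {
        /* Keep the length in a local so later writes cannot corrupt it. */
        size_t len = in[pos];
        size_t remaining = in_len - pos - 1; /* bytes after the length byte */

        if (len > remaining)
            return -1;               /* report runs past the input buffer */
        if (len > out_cap - written)
            return -1;               /* memcpy would overflow the output */

        memcpy(out + written, in + pos + 1, len);
        written += len;
        pos += 1 + len;              /* next length byte, never > in_len */
    }
    return (long)written;
}

int main(void)
{
    /* Constructed sample streams: the second claims 9 bytes but has 1. */
    const uint8_t good[] = {2, 0xAA, 0xBB, 1, 0xCC};
    const uint8_t bad[]  = {2, 0xAA, 0xBB, 9, 0xCC};
    uint8_t out[8];

    printf("good: %ld\n", copy_reports(good, sizeof good, out, sizeof out));
    printf("bad:  %ld\n", copy_reports(bad, sizeof bad, out, sizeof out));
    return 0;
}
```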
Affected Products
- O S