CVE-2024-48985

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 20, 2024
Updated: Nov 25, 2024
CWE ID 120

Summary

CVE-2024-48985 is a buffer overflow vulnerability affecting Mbed OS 6.16.0. The software fails to properly handle buffer allocation while processing HCI packets. When the packet data is too large, the buffer allocation fails, but the failure is not handled. The software then continues to write data into a 4-byte temporary header buffer, causing a buffer overflow. An attacker can exploit this vulnerability to conduct arbitrary writes: the overflow overwrites pointers to the intended packet buffers, and as parsing advances, data is written to the attacker-controlled location.
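The missing check described above, shown in its handled form as an added example. This is a simplified model written for this page, not Mbed OS code; the 4-byte header layout (2-byte handle, 2-byte little-endian length), the `pkt_alloc` pool allocator, the `MAX_PAYLOAD` limit and the choice to discard an oversized packet's bytes are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN     4u    /* handle (2 bytes) + payload length (2 bytes, LE) */
#define MAX_PAYLOAD 251u  /* assumed buffer-pool limit for this sketch */

enum rx_state { RX_HEADER, RX_PAYLOAD, RX_DISCARD };
struct hci_rx {
    enum rx_state state;
    uint8_t  hdr[HDR_LEN];  /* the 4-byte temporary header buffer */
    uint8_t *pkt;           /* packet buffer, NULL unless allocation succeeded */
    uint16_t need, have;    /* bytes expected / consumed in the current state */
    unsigned delivered, dropped;
};

/* Hypothetical pool allocator: refuses requests larger than the pool's buffers. */
static uint8_t *pkt_alloc(size_t n) { return n > HDR_LEN + MAX_PAYLOAD ? NULL : malloc(n); }

static void rx_finish(struct hci_rx *rx) {
    if (rx->state == RX_PAYLOAD) rx->delivered++; else rx->dropped++;
    free(rx->pkt);          /* a real stack would hand the buffer upward instead */
    rx->pkt = NULL; rx->have = 0; rx->state = RX_HEADER;
}

void hci_rx_init(struct hci_rx *rx) { memset(rx, 0, sizeof *rx); }

void hci_rx_feed(struct hci_rx *rx, const uint8_t *data, size_t len) {
    for (size_t i = 0; i < len; i++) {
        if (rx->state == RX_HEADER) {
            rx->hdr[rx->have++] = data[i];      /* have < HDR_LEN in this state */
            if (rx->have < HDR_LEN) continue;
            rx->need = (uint16_t)(rx->hdr[2] | (rx->hdr[3] << 8));
            rx->have = 0;
            rx->pkt = pkt_alloc(HDR_LEN + (size_t)rx->need);
            /* Allocation failure is handled here: switch to discarding rather
               than continuing to write through the header-buffer pointer. */
            rx->state = rx->pkt ? RX_PAYLOAD : RX_DISCARD;
            if (rx->pkt) memcpy(rx->pkt, rx->hdr, HDR_LEN);
            if (rx->need == 0) rx_finish(rx);
        } else {
            /* Only store payload bytes when a real packet buffer exists. */
            if (rx->state == RX_PAYLOAD) rx->pkt[HDR_LEN + rx->have] = data[i];
            if (++rx->have == rx->need) rx_finish(rx);
        }
    }
}
```

Discarding exactly the announced number of bytes keeps the parser aligned with the next header, so a single oversized packet costs one drop instead of a corrupted receive state.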
