CVE-2024-48985
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-48985 is a vulnerability affecting Mbed OS 6.16.0. The software does not properly handle buffer allocation while processing HCI packets. When the packet data is too large, the buffer allocation fails, but the failure is not handled. The software then continues to write data into a 4-byte temporary header buffer, causing a buffer overflow. An attacker can exploit this to perform arbitrary writes by overwriting the pointers to the intended packet buffers and advancing the parsing process so that data is written to an attacker-controlled location.
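The failure mode in the summary, modelled as a small byte-wise receive state machine with the missing allocation check in place. This is an added example, not Mbed OS code: `hci_rx`, `pkt_alloc` and `MAX_PAYLOAD` are hypothetical names, the last two header bytes are assumed to hold a little-endian payload length, and discarding the declared payload is one possible recovery policy.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 4u      /* temporary header buffer size given in the summary */
#define MAX_PAYLOAD 8u  /* assumed tiny pool limit so the sample stays short */
enum rx_state { RX_HEADER, RX_PAYLOAD, RX_DISCARD };
struct hci_rx {
    enum rx_state state;
    uint8_t hdr[HDR_LEN];   /* only ever holds the 4 header bytes */
    uint8_t *pkt;           /* header + payload, NULL when nothing is allocated */
    size_t have, need;      /* bytes consumed in this stage / payload length */
    unsigned dropped;       /* packets rejected because allocation failed */
};

/* Hypothetical allocator: refuses oversized requests, like an exhausted pool. */
static uint8_t *pkt_alloc(size_t n) {
    return n > MAX_PAYLOAD ? NULL : malloc(HDR_LEN + n);
}

/* Feed one received byte; returns a completed packet (caller frees) or NULL. */
uint8_t *hci_rx_byte(struct hci_rx *rx, uint8_t b) {
    switch (rx->state) {
    case RX_HEADER:
        rx->hdr[rx->have++] = b;
        if (rx->have < HDR_LEN) break;
        rx->need = (size_t)rx->hdr[2] | ((size_t)rx->hdr[3] << 8);
        rx->have = 0;
        rx->pkt = pkt_alloc(rx->need);
        if (rx->pkt == NULL) {  /* without this branch, payload bytes keep landing in hdr[] */
            rx->dropped++;
            if (rx->need) rx->state = RX_DISCARD;  /* skip payload, keep framing */
            break;
        }
        memcpy(rx->pkt, rx->hdr, HDR_LEN);
        rx->state = RX_PAYLOAD;
        break;
    case RX_PAYLOAD:
        rx->pkt[HDR_LEN + rx->have++] = b;  /* have < need always holds here */
        break;
    case RX_DISCARD:
        if (++rx->have == rx->need) { rx->have = 0; rx->state = RX_HEADER; }
        break;
    }
    if (rx->state != RX_PAYLOAD || rx->have != rx->need) return NULL;
    uint8_t *done = rx->pkt;    /* packet complete (also covers zero-length payloads) */
    rx->pkt = NULL; rx->have = 0; rx->state = RX_HEADER;
    return done;
}
```

Start from a zero-initialised `struct hci_rx`; the `dropped` counter gives a place to hook logging or rate alerts for oversized packets.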
Affected Products
- O S