CVE-2024-8798

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 16, 2024
CWE ID 122
CWE ID 20

Summary

CVE-2024-8798 is a vulnerability affecting the Zephyr Project's Bluetooth OTS client in the file "ots_client.c". The issue lies in the olcp_ind_handler function where user input is not properly validated for length. An attacker could exploit this vulnerability by sending maliciously crafted input data to trigger a buffer overflow or other unintended behavior, potentially leading to system crashes or arbitrary code execution. This could pose a significant risk to the availability and integrity of devices using the affected software. It is important for users to update their Zephyr Project software to a patched version to mitigate this vulnerability.
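The class of fix described above, length validation before parsing an OLCP indication, is sketched below as an added example; it is not Zephyr's code or the actual patch. The function and struct names are hypothetical, and the field layout and constants are assumptions based on the Object Transfer Service specification.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed OLCP response indication layout (not taken from Zephyr):
 * [0] response op code, [1] request op code, [2] result code,
 * [3..] optional response parameter. */
#define OLCP_RESP_OPCODE  0x70u /* assumed: Response Code op code */
#define OLCP_REQ_NUM_OBJS 0x07u /* assumed: Request Number of Objects */
#define OLCP_RES_SUCCESS  0x01u /* assumed: Success result code */
#define OLCP_HDR_LEN      3u

struct olcp_resp {              /* hypothetical result type */
    uint8_t  req_opcode;
    uint8_t  result;
    int      has_num_objs;
    uint32_t num_objs;
};

/* Returns 0 on success, -1 if the payload is too short or malformed.
 * Every read is preceded by a check against the attacker-controlled len. */
int olcp_parse_indication(const uint8_t *data, size_t len,
                          struct olcp_resp *out)
{
    if (data == NULL || out == NULL || len < OLCP_HDR_LEN) {
        return -1;              /* header bytes are not all present */
    }
    if (data[0] != OLCP_RESP_OPCODE) {
        return -1;              /* not a response indication */
    }

    out->req_opcode = data[1];
    out->result = data[2];
    out->has_num_objs = 0;
    out->num_objs = 0;

    if (out->req_opcode == OLCP_REQ_NUM_OBJS &&
        out->result == OLCP_RES_SUCCESS) {
        /* The 32-bit little-endian parameter must fit in what remains. */
        if (len - OLCP_HDR_LEN < sizeof(uint32_t)) {
            return -1;
        }
        out->num_objs = (uint32_t)data[3] | ((uint32_t)data[4] << 8) |
                        ((uint32_t)data[5] << 16) | ((uint32_t)data[6] << 24);
        out->has_num_objs = 1;
    }
    return 0;
}
```
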

Affected Products

  • Zephyr

Affected Vendors

  • The Zephyr Project