medium
5.9
CWE
404
Advisory Published
Updated

CVE-2024-38271: Denial of Service in Quick Share

First published: Wed Jun 26 2024(Updated: )

There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes Quick Share. This makes the Wifi connection to the attacker’s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quick Share or above

Credit: cve-coordination@google.com

Affected SoftwareAffected VersionHow to fix
Google Nearby<1.0.1724.0

Remedy

https://github.com/google/nearby/pull/2402

Remedy

https://github.com/google/nearby/pull/2433

Remedy

https://github.com/google/nearby/pull/2435

Remedy

https://github.com/google/nearby/pull/2589

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-38271?

    CVE-2024-38271 is considered a high severity vulnerability due to the potential for unauthorized connection to a temporary hotspot.

  • How do I fix CVE-2024-38271?

    To fix CVE-2024-38271, update your Google Nearby application to the latest version that addresses this vulnerability.

  • What systems are affected by CVE-2024-38271?

    CVE-2024-38271 affects Google Nearby versions prior to 1.0.1724.0.

  • Can CVE-2024-38271 lead to data theft?

    Yes, CVE-2024-38271 can potentially lead to data theft as an attacker could exploit the connection to intercept data during the sharing process.

  • Is there a workaround for CVE-2024-38271?

    A temporary workaround for CVE-2024-38271 includes disabling Bluetooth sharing features until a patch is applied.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203