What is the severity of CVE-2024-48984?

CVE-2024-48984 is considered a medium severity vulnerability due to its potential to cause information leaks and malformed data processing.

How do I fix CVE-2024-48984?

To fix CVE-2024-48984, update MBed OS to the latest version or apply the relevant patches from the vendor.

Which versions of MBed OS are affected by CVE-2024-48984?

CVE-2024-48984 affects MBed OS version 6.16.0 and potentially earlier versions.

What kind of vulnerability is CVE-2024-48984?

CVE-2024-48984 is a parsing vulnerability that can lead to improper handling of input data in Bluetooth communication.

Is there a proof of concept for CVE-2024-48984?

Yes, there is a proof of concept for CVE-2024-48984 included in the discussions and code changes associated with the vulnerability.

Vulnerability/
CVE-2024-48984

critical

9.8

CWE

119 120

EPSS

0.127%

20/11/2024

25/11/2024

CVE-2024-48984: Buffer Overflow

First published: Wed Nov 20 2024(Updated: )

An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then fetches the length of the first report, uses it to calculate the beginning of the second report, etc. In doing this, it tracks the largest report so it can later allocate a buffer that fits every individual report (but only one at a time). It does not, however, validate that these addresses are all contained within the buffer passed to hciEvtProcessLeExtAdvReport. It is then possible, though unlikely, that the buffer designated to hold the reports is allocated in such a way that one of these out-of-bounds length fields is contained within the new buffer. When the (n-1)th report is copied, it overwrites the length field of the nth report. This now corrupted length field is then used for a memcpy into the new buffer, which may lead to a buffer overflow.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Arm Mbed

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-48984?
CVE-2024-48984 is considered a medium severity vulnerability due to its potential to cause information leaks and malformed data processing.
How do I fix CVE-2024-48984?
To fix CVE-2024-48984, update MBed OS to the latest version or apply the relevant patches from the vendor.
Which versions of MBed OS are affected by CVE-2024-48984?
CVE-2024-48984 affects MBed OS version 6.16.0 and potentially earlier versions.
What kind of vulnerability is CVE-2024-48984?
CVE-2024-48984 is a parsing vulnerability that can lead to improper handling of input data in Bluetooth communication.
Is there a proof of concept for CVE-2024-48984?
Yes, there is a proof of concept for CVE-2024-48984 included in the discussions and code changes associated with the vulnerability.

agent/references
agent/description
agent/first-publish-date
agent/type
agent/author
collector/nvd-api
source/NVD
agent/weakness
agent/last-modified-date
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/epss
vendor/arm
canonical/arm mbed

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.