admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-38271.md
0xMarcio 1fb02038e8 Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00

18 lines
1.1 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

### [CVE-2024-38271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38271)
![](https://img.shields.io/static/v1?label=Product&message=Nearby&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.1724.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-404%20Improper%20Resource%20Shutdown%20or%20Release&color=brighgreen)
### Description
There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attackers WiFi network and then sends an OfflineFrame that crashes Quick Share.This makes the Wifi connection to the attackers network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quick Share or above
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/SafeBreach-Labs/QuickShell
Reference in New Issue View Git Blame Copy Permalink