{ "id": "CVE-2024-48982", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-20T21:15:07.830", "lastModified": "2024-11-25T21:15:17.023", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. This value is assumed to be greater than or equal to 3, but the software doesn't ensure that this is the case. Supplying a length less than 3 leads to a buffer overflow in a buffer that is allocated later. It is simultaneously possible to cause another integer overflow by supplying large length values because the provided length value is increased by a few bytes to account for additional information that is supposed to be stored there. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en MBed OS 6.16.0. Su software de an\u00e1lisis de hci determina din\u00e1micamente la longitud de ciertos paquetes hci leyendo un byte de su encabezado. Se supone que este valor es mayor o igual a 3, pero el software no garantiza que este sea el caso. Proporcionar una longitud menor a 3 provoca un desbordamiento de b\u00fafer en un b\u00fafer que se asigna m\u00e1s tarde. Al mismo tiempo, es posible provocar otro desbordamiento de enteros proporcionando valores de longitud grandes porque el valor de longitud proporcionado se incrementa en unos pocos bytes para tener en cuenta la informaci\u00f3n adicional que se supone que debe almacenarse all\u00ed. Este error es trivial de explotar para una denegaci\u00f3n de servicio, pero no es seguro que sea suficiente para hacer caer el sistema y, por lo general, no se puede explotar m\u00e1s porque el b\u00fafer explotable se asigna din\u00e1micamente." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-120" } ] }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-120" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:arm:mbed:6.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9CE74E6-6FC6-4507-A9EE-F74B3E02FCB8" } ] } ] } ], "references": [ { "url": "https://github.com/mbed-ce/mbed-os/blob/54e8693ef4ff7e025018094f290a1d5cf380941f/connectivity/FEATURE_BLE/libraries/cordio_stack/ble-host/sources/hci/dual_chip/hci_evt.c#L2748", "source": "cve@mitre.org", "tags": [ "Product" ] }, { "url": "https://github.com/mbed-ce/mbed-os/pull/386", "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ] } ] }