Details of VAR-202411-1442

ID

VAR-202411-1442

CVE

CVE-2024-48981

TITLE

ARM Ltd. of Mbed OS Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-013293

DESCRIPTION

An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet header by looking up the identifying first byte and matching it against a table of possible lengths. The initial parsing function, hciTrSerialRxIncoming does not drop packets with invalid identifiers but also does not set a safe default for the length of unknown packets' headers, leading to a buffer overflow. This can be leveraged into an arbitrary write by an attacker. It is possible to overwrite the pointer to a not-yet-allocated buffer that is supposed to receive the contents of the packet body. One can then overwrite the state variable used by the function to determine which state of packet parsing is currently occurring. Because the buffer is allocated when the last byte of the header has been copied, the combination of having a bad header length variable that will never match the counter variable and being able to overwrite the state variable with the resulting buffer overflow can be used to advance the function to the next step while skipping the buffer allocation and resulting pointer write. The next 16 bytes from the packet body are then written wherever the corrupted data pointer is pointing. ARM Ltd. of Mbed OS Exists in a classic buffer overflow vulnerability.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2024-48981 // JVNDB: JVNDB-2024-013293

AFFECTED PRODUCTS

vendor:	arm	model:	mbed	scope:	eq	version:	6.16.0	Trust: 1.0
vendor:	arm	model:	mbed os	scope:	eq	version:	-	Trust: 0.8
vendor:	arm	model:	mbed os	scope:	-	version:	-	Trust: 0.8
vendor:	arm	model:	mbed os	scope:	eq	version:	6.16.0	Trust: 0.8

sources: JVNDB: JVNDB-2024-013293 // NVD: CVE-2024-48981

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-48981
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-48981
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-48981
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2024-48981
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2024-48981
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-013293 // NVD: CVE-2024-48981 // NVD: CVE-2024-48981

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-013293 // NVD: CVE-2024-48981

EXTERNAL IDS

db:	NVD	id:	CVE-2024-48981	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-013293	Trust: 0.8

sources: JVNDB: JVNDB-2024-013293 // NVD: CVE-2024-48981

REFERENCES

url:	https://github.com/mbed-ce/mbed-os/blob/54e8693ef4ff7e025018094f290a1d5cf380941f/connectivity/feature_ble/source/cordio/stack_adaptation/hci_tr.c#l161	Trust: 1.8
url:	https://github.com/mbed-ce/mbed-os/pull/374	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-48981	Trust: 0.8

sources: JVNDB: JVNDB-2024-013293 // NVD: CVE-2024-48981

SOURCES

db:	JVNDB	id:	JVNDB-2024-013293
db:	NVD	id:	CVE-2024-48981

LAST UPDATE DATE

2024-11-26T23:13:24.932000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-013293	date:	2024-11-25T02:41:00
db:	NVD	id:	CVE-2024-48981	date:	2024-11-25T22:15:13.517

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-013293	date:	2024-11-25T00:00:00
db:	NVD	id:	CVE-2024-48981	date:	2024-11-20T20:15:19.097