ID

VAR-202411-1532


CVE

CVE-2024-48985


TITLE

Classic buffer overflow vulnerability in ARM Ltd. Mbed OS

Trust: 0.8

sources: JVNDB: JVNDB-2024-013306

DESCRIPTION

An issue was discovered in Mbed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet; its size is calculated as the packet body length determined earlier plus the header length. If the allocation fails because the specified packet is too large, no exception handling occurs and hciTrSerialRxIncoming continues to write bytes into the 4-byte temporary header buffer, leading to a buffer overflow. An attacker can leverage this into an arbitrary write. It is possible to overwrite the pointer to the buffer that is supposed to receive the contents of the packet body but which could not be allocated. One can then overwrite the state variable that the function uses to determine which step of the parsing process is currently being executed. This advances the function to the next state, where it proceeds to copy data to that arbitrary location. The packet body is then written wherever the corrupted data pointer is pointing. Mbed OS from ARM Ltd. contains a classic buffer overflow vulnerability. Information may be tampered with.

Trust: 1.62

sources: NVD: CVE-2024-48985 // JVNDB: JVNDB-2024-013306

AFFECTED PRODUCTS

vendor: arm, model: mbed, scope: eq, version: 6.16.0

Trust: 1.0

vendor: arm, model: mbed os, scope: eq, version: -

Trust: 0.8

vendor: arm, model: mbed os, scope: -, version: -

Trust: 0.8

vendor: arm, model: mbed os, scope: eq, version: 6.16.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-013306 // NVD: CVE-2024-48985

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-48985
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-48985
value: HIGH

Trust: 1.0

NVD: CVE-2024-48985
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2024-48985
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2024-48985
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-013306 // NVD: CVE-2024-48985 // NVD: CVE-2024-48985

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-013306 // NVD: CVE-2024-48985

EXTERNAL IDS

db: NVD, id: CVE-2024-48985

Trust: 2.6

db: JVNDB, id: JVNDB-2024-013306

Trust: 0.8

sources: JVNDB: JVNDB-2024-013306 // NVD: CVE-2024-48985

REFERENCES

url:https://github.com/mbed-ce/mbed-os/blob/54e8693ef4ff7e025018094f290a1d5cf380941f/connectivity/feature_ble/source/cordio/stack_adaptation/hci_tr.c#l200

Trust: 1.8

url:https://github.com/mbed-ce/mbed-os/pull/384

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-48985

Trust: 0.8

sources: JVNDB: JVNDB-2024-013306 // NVD: CVE-2024-48985

SOURCES

db: JVNDB, id: JVNDB-2024-013306
db: NVD, id: CVE-2024-48985

LAST UPDATE DATE

2024-11-27T22:59:27.155000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-013306, date: 2024-11-25T02:56:00
db: NVD, id: CVE-2024-48985, date: 2024-11-25T22:15:14.790

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-013306, date: 2024-11-25T00:00:00
db: NVD, id: CVE-2024-48985, date: 2024-11-20T20:15:19.270