cvedb.io
CVE-2024-48981
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2024-11-20T20:15:19.097 · Last modified 2026-06-17T07:59:08.830

Summary

An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet header by looking up the identifying first byte and matching it against a table of possible lengths. The initial parsing function, hciTrSerialRxIncoming does not drop packets with invalid identifiers but also does not set a safe default for the length of unknown packets' headers, leading to a buffer overflow. This can be leveraged into an arbitrary write by an attacker. It is possible to overwrite the pointer to a not-yet-allocated buffer that is supposed to receive the contents of the packet body. One can then overwrite the state variable used by the function to determine which state of packet parsing is currently occurring. Because the buffer is alloca

Affected products

arm — mbed

Does this affect you?

Add your gear to cvedb and we'll alert you only when arm ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.