{"schema_version": "1.6.1", "id": "CVE-2024-51569", "summary": "Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler", "details": "Out-of-bounds Read vulnerability in Apache NimBLE.\n\nMissing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"last_affected": "0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/q0vs5rddx1lho30xnpsrvpzgxqmywnhs"}, {"type": "WEB", "url": "https://github.com/apache/mynewt-nimble/commit/4e3ac5b6e7c7df63a594c4ff6839e266b4ccfed9"}]}