---
Introduction

A new critical vulnerability, CVE-2024-49748, has been discovered in the function gatts_process_primary_service_req of the gatt_sr.cc component. The issue is a heap buffer overflow that can lead to an out-of-bounds write, ultimately resulting in remote code execution (RCE) without any additional execution privileges required. It is important to note that user interaction is not a prerequisite for exploitation.

---
Vulnerability Details

In the function gatts_process_primary_service_req, there is a failure to properly validate the size of the input data, which can result in a heap buffer overflow. An attacker can craft a malicious packet to exploit the vulnerability and potentially cause a code execution in the target system.

Here is a code snippet of the affected function

void gatts_process_primary_service_req(uint8_t* p_data) {
    ...
    uint16_t len;
    ...
    STREAM_TO_UINT16(len, p_data);
    ...
    if (len > ) {
        p_out_buf = (uint8_t*)osi_malloc(len);
        memcpy(p_out_buf, p_data, len);
    }
}

The function first reads a 16-bit length value len from the input data p_data. The length is then used to allocate a heap buffer p_out_buf and copy data from the input buffer to the newly allocated buffer. Unfortunately, there is no proper check to ensure that the length value is within the acceptable bounds, which exposes the system to a heap buffer overflow.

- CVE-2024-49748 - Heap Buffer Overflow in gatts_process_primary_service_req

---
Exploit Details

An attacker can exploit this vulnerability by sending a specially crafted packet with a malicious length value to the target system. The length value should be large enough to overflow the heap buffer, allowing the attacker to overwrite adjacent memory locations and potentially take control of the system.

The attacker gains control of the target system.

---
Conclusion and Recommendations

CVE-2024-49748 is a dangerous vulnerability that can result in remote code execution without user interaction. To protect your systems, ensure that you apply all available patches and updates for the affected software as soon as possible. Additionally, consider using intrusion detection and prevention systems to monitor and block suspicious network traffic.

In software development, it is crucial to always validate the size of the input data before allocating memory and copying data. This can help prevent similar vulnerabilities that stem from failing to verify input data bounds.

For further information, please refer to the original references

- Original reference for CVE-2024-49748
- Security Advisory for CVE-2024-49748

Stay vigilant and always keep your systems up-to-date to avoid falling victim to these exploits.

Timeline

Published on: 01/21/2025 23:15:15 UTC
Last modified on: 03/17/2025 16:15:23 UTC