CVERadar

CVE-2024-43096

Critical Severity
SVRS: 77/100
CVSSv3: NA/10
EPSS: 0.00014/1

CVE-2024-43096: Out-of-bounds write vulnerability in gatt_sr.cc can lead to code execution. A critical vulnerability exists in the build_read_multi_rsp function within gatt_sr.cc due to a missing bounds check. This flaw, identified as CVE-2024-43096, can enable a remote attacker in proximity to execute arbitrary code without requiring any user interaction or elevated privileges. With a SOCRadar Vulnerability Risk Score (SVRS) of 77, this CVE is a high-risk issue that needs prompt attention even though the CVSS score is 0. The out-of-bounds write condition could potentially overwrite sensitive memory regions, leading to system compromise. Given the potential for remote code execution, organizations should prioritize patching or mitigating this Bluetooth vulnerability to prevent exploitation. The "In The Wild" tag suggests active exploitation attempts.

In The Wild
2025-03-19

2025-01-21

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-43096 | Google Android 12/12L/13/14/15 gatt_sr.cc build_read_multi_rsp out-of-bounds write
vuldb.com, 2025-03-19
A vulnerability, which was classified as critical, was found in Google Android 12/12L/13/14/15. This affects the function build_read_multi_rsp of the file gatt_sr.cc. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2024-43096. It
vuldb.com
Important Warning from Google! Millions of Android Devices Are Not Safe! - RaillyNews
2025-01-12
Android Security Updates: January 2025 Bulletin
The January 2025 Android Security Bulletin is of critical importance to users. This bulletin includes updates made to ensure the security of Android devices. There are important changes and security patches especially for Android 12, 13, 14 and 15 users. In this article, we will take a comprehensive look at the details of the January 2025 updates, critical vulnerabilities and how you can protect yourself from them.
Vulnerabilities and Criticality Levels
Google with January 2025 update 36 critical vulnerabilities has
google.com
Critical Samsung 0-Click Vulnerability Found in Samsung S24 and S23 Devices Got Fixed
Balaji N, 2025-01-10
On September 21, 2024, a critical security vulnerability was identified by Google researchers in the Monkey’s Audio (APE) decoder used in Samsung’s flagship Galaxy S23 and S24 devices. Now it got fixed after 3 months since the Google Project Zero team disclosed the vulnerability with a 90-day deadline. The latest update addresses critical vulnerabilities within […]
cybersecuritynews.com
Android patches several vulnerabilities in first security update of 2025
Greg Otto, 2025-01-07
The bulletin identifies five critical remote code execution (RCE) vulnerabilities affecting the core components of Android’s system. Android has released its first security update of the year, disclosing several critical and high-severity vulnerabilities that affect a wide range
cyberscoop.com

Social Media

2/8 Critical RCE flaws (CVE-2024-43096, CVE-2024-43770) fixed in the 2025-01-01 patch level. Update now to protect against remote attacks! 🔐#AndroidPatch #Cybersecurity
(CVE-2024-43096)[323850943][critical]build_read_multi_rsp is missing a bounds check -> OOB write(when the mtu parameter is set to zero) -> ... -> RCE https://t.co/yhPKFf6xsm

Affected Software

No affected software found for this CVE

References

| Reference | Link |
| --- | --- |
| [email protected] | https://source.android.com/security/bulletin/2025-01-01 |

CWE Details

| CWE ID | CWE Name | Description |
| --- | --- | --- |
| CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer. |
