CVE-2024-38271

There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes Quick Share. This makes the Wifi connection to the attacker’s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quick Share or above
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:nearby:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:25

Type Values Removed Values Added
References () https://github.com/google/nearby/pull/2402 - Issue Tracking, Patch () https://github.com/google/nearby/pull/2402 - Issue Tracking, Patch
References () https://github.com/google/nearby/pull/2433 - Issue Tracking, Patch () https://github.com/google/nearby/pull/2433 - Issue Tracking, Patch
References () https://github.com/google/nearby/pull/2435 - Issue Tracking, Patch () https://github.com/google/nearby/pull/2435 - Issue Tracking, Patch
References () https://github.com/google/nearby/pull/2589 - Issue Tracking, Patch () https://github.com/google/nearby/pull/2589 - Issue Tracking, Patch

24 Sep 2024, 19:29

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8
CPE cpe:2.3:a:google:nearby:*:*:*:*:*:*:*:*
First Time Google
Google nearby
References () https://github.com/google/nearby/pull/2402 - () https://github.com/google/nearby/pull/2402 - Issue Tracking, Patch
References () https://github.com/google/nearby/pull/2433 - () https://github.com/google/nearby/pull/2433 - Issue Tracking, Patch
References () https://github.com/google/nearby/pull/2435 - () https://github.com/google/nearby/pull/2435 - Issue Tracking, Patch
References () https://github.com/google/nearby/pull/2589 - () https://github.com/google/nearby/pull/2589 - Issue Tracking, Patch

29 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () https://github.com/google/nearby/pull/2402 -
  • () https://github.com/google/nearby/pull/2589 -
Summary (en) There exists a vulnerability in Quickshare/Nearby where an attacker can force the a victim to stay connected to a temporary hotspot created for the share. As part of the sequence of packets in a QuickShare connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes Quick Share. This makes the Wifi connection to the attacker’s network last instead of returning to the old network when the Quick Share session is done allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quickshare or above (en) There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes Quick Share. This makes the Wifi connection to the attacker’s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quick Share or above

27 Jun 2024, 12:47

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad en Quickshare/Nearby donde un atacante puede obligar a la víctima a permanecer conectada a un punto de acceso temporal creado para el recurso compartido. Como parte de la secuencia de paquetes en una conexión QuickShare a través de Bluetooth, el atacante obliga a la víctima a conectarse a la red WiFi del atacante y luego envía un OfflineFrame que bloquea Quick Share. Esto hace que la conexión Wifi a la red del atacante dure en lugar de regresar a la red anterior cuando finaliza la sesión de Quick Share, lo que permite que el atacante sea un MiTM. Recomendamos actualizar a la versión 1.0.1724.0 de Quickshare o superior

26 Jun 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-26 16:15

Updated : 2024-11-21 09:25


NVD link : CVE-2024-38271

Mitre link : CVE-2024-38271

CVE.ORG link : CVE-2024-38271


JSON object : View

Products Affected

google

  • nearby
CWE
CWE-404

Improper Resource Shutdown or Release