Search criteria
27 vulnerabilities found for nimble by apache
CVE-2025-62235 (GCVE-0-2025-62235)
Vulnerability from nvd – Published: 2026-01-10 09:42 – Updated: 2026-01-12 16:45
VLAI?
Title
Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing
Summary
Authentication Bypass by Spoofing vulnerability in Apache NimBLE.
Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor.
This issue affects Apache NimBLE: through 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Mynewt NimBLE |
Affected:
0 , ≤ 1.8.0
(semver)
|
Credits
Tommaso Sacchetti <tommaso.sacchetti@gmail.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-10T10:07:12.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T16:44:43.170198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T16:45:27.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Mynewt NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tommaso Sacchetti \u003ctommaso.sacchetti@gmail.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthentication Bypass by Spoofing vulnerability in Apache NimBLE.\u003c/p\u003eReceiving specially crafted Security Request could lead to removal of original bond\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and re-bond with impostor.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.8.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.9.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Authentication Bypass by Spoofing vulnerability in Apache NimBLE.\n\nReceiving specially crafted Security Request could lead to removal of original bond\u00a0and re-bond with impostor.\nThis issue affects Apache NimBLE: through 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T09:42:30.446Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/41f67e391e788c5feef9030026cc5cbc5431838a"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/rw2mrpfwb9d9wmq4h4b6ctcd6gpkk2ho"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-62235",
"datePublished": "2026-01-10T09:42:30.446Z",
"dateReserved": "2025-10-09T15:28:28.169Z",
"dateUpdated": "2026-01-12T16:45:27.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53477 (GCVE-0-2025-53477)
Vulnerability from nvd – Published: 2026-01-10 09:45 – Updated: 2026-01-12 16:54
VLAI?
Title
Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer
Summary
NULL Pointer Dereference vulnerability in Apache Nimble.
Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.
This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Mynewt NimBLE |
Affected:
0 , ≤ 1.8.0
(custom)
|
Credits
雷重庆 <leicq@seu.edu.cn>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-10T10:06:51.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-53477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T16:54:05.606645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T16:54:48.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Mynewt NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "\u96f7\u91cd\u5e86 \u003cleicq@seu.edu.cn\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNULL Pointer Dereference vulnerability in Apache Nimble.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.\u003c/span\u003e\u003cbr\u003eThis issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.8.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.9.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "NULL Pointer Dereference vulnerability in Apache Nimble.\n\nMissing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.\nThis issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.\n\nThis issue affects Apache NimBLE: through 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T09:45:27.630Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/0caf9baeb271ede85fcc5237ab87ddbf938600da"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/3160b8c4c7ff8db4e0f9badcdf7df684b151e077"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-53477",
"datePublished": "2026-01-10T09:45:27.630Z",
"dateReserved": "2025-06-30T14:54:12.319Z",
"dateUpdated": "2026-01-12T16:54:48.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52435 (GCVE-0-2025-52435)
Vulnerability from nvd – Published: 2026-01-10 09:47 – Updated: 2026-01-12 19:07
VLAI?
Title
Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller
Summary
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.
Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange.
This issue affects Apache NimBLE: through <= 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-5 J2EE Misconfiguration - Data Transmission Without Encryption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Mynewt NimBLE |
Affected:
0 , ≤ 1.8.0
(semver)
|
Credits
Henrik Schnor <henrik.schnor@mailbox.org>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-10T10:06:48.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T19:05:35.813488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-5",
"description": "CWE-5 J2EE Misconfiguration: Data Transmission Without Encryption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T19:07:07.593Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Mynewt NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Henrik Schnor \u003chenrik.schnor@mailbox.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJ2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.\u003c/p\u003eImproper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallowing an eavesdropper to observe the remainder of the exchange\u003c/span\u003e.\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through \u0026lt;= 1.8.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.9.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.\n\nImproper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange.\nThis issue affects Apache NimBLE: through \u003c= 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-5 J2EE Misconfiguration: Data Transmission Without Encryption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T09:47:10.568Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/164f1c23c18a290908df76ed83fe848bfe4a4903"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/ec3d75e909fa6dcadf1836fefc4432794a673d18"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/ow8dzpsqfh9llfclh5fzh6z237brzc0s"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-52435",
"datePublished": "2026-01-10T09:47:10.568Z",
"dateReserved": "2025-06-16T14:01:50.268Z",
"dateUpdated": "2026-01-12T19:07:07.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53470 (GCVE-0-2025-53470)
Vulnerability from nvd – Published: 2026-01-10 09:46 – Updated: 2026-01-12 19:12
VLAI?
Title
Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver
Summary
Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.
This issue affects Apache NimBLE: through 1.8.
This issue requires a broken or bogus Bluetooth controller and thus severity is considered low.
Users are recommended to upgrade to version 1.9, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Mynewt NimBLE |
Affected:
0 , ≤ 1.8
(semver)
|
Credits
雷重庆 <leicq@seu.edu.cn>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-10T10:06:49.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-53470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T19:11:21.208657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T19:12:52.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Mynewt NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "\u96f7\u91cd\u5e86 \u003cleicq@seu.edu.cn\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOut-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.8.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis issue requires a broken or bogus Bluetooth controller and thus severity is considered low.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.9, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.\n\nThis issue affects Apache NimBLE: through 1.8.\u00a0\n\nThis issue requires a broken or bogus Bluetooth controller and thus severity is considered low.\n\nUsers are recommended to upgrade to version 1.9, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T09:46:35.789Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/32sm0944dyod4sdql77stgyw9xb2msc0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-53470",
"datePublished": "2026-01-10T09:46:35.789Z",
"dateReserved": "2025-06-30T13:43:23.389Z",
"dateUpdated": "2026-01-12T19:12:52.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-51569 (GCVE-0-2024-51569)
Vulnerability from nvd – Published: 2024-11-26 11:17 – Updated: 2024-12-06 10:16
VLAI?
Title
Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler
Summary
Out-of-bounds Read vulnerability in Apache NimBLE.
Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NimBLE |
Affected:
0 , ≤ 1.7.0
(semver)
|
Credits
Eunkyu Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-26T13:09:24.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/26/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nimble",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:36:54.924645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:41:24.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eunkyu Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eOut-of-bounds Read vulnerability in Apache NimBLE.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.\u003cbr\u003e\u003c/span\u003eThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.7.0.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Out-of-bounds Read vulnerability in Apache NimBLE.\n\nMissing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T10:16:33.111Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/q0vs5rddx1lho30xnpsrvpzgxqmywnhs"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/4e3ac5b6e7c7df63a594c4ff6839e266b4ccfed9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-51569",
"datePublished": "2024-11-26T11:17:56.337Z",
"dateReserved": "2024-10-30T14:34:23.977Z",
"dateUpdated": "2024-12-06T10:16:33.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47250 (GCVE-0-2024-47250)
Vulnerability from nvd – Published: 2024-11-26 11:17 – Updated: 2024-12-06 10:16
VLAI?
Title
Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access
Summary
Out-of-bounds Read vulnerability in Apache NimBLE.
Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NimBLE |
Affected:
0 , ≤ 1.7.0
(semver)
|
Credits
Eunkyu Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-26T13:09:22.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/26/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:35:20.978314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:36:02.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eunkyu Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOut-of-bounds Read vulnerability in Apache NimBLE.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus G\u003c/span\u003eAP \u0027device found\u0027 events being sent.\u003cbr\u003eThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.7.0.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Read vulnerability in Apache NimBLE.\n\nMissing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP \u0027device found\u0027 events being sent.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T10:16:02.631Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/zdb50spojlqbn0yxd866mbzqjt2vpt85"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/3b7a32ea09a3bffaab831ee0ab193a2375fc4df6"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/23d61150ddae4bc8356356d7ef09d816fb89da45"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-47250",
"datePublished": "2024-11-26T11:17:19.568Z",
"dateReserved": "2024-09-23T09:14:40.561Z",
"dateUpdated": "2024-12-06T10:16:02.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47249 (GCVE-0-2024-47249)
Vulnerability from nvd – Published: 2024-11-26 11:16 – Updated: 2024-12-06 10:15
VLAI?
Title
Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler
Summary
Improper Validation of Array Index vulnerability in Apache NimBLE.
Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NimBLE |
Affected:
0 , ≤ 1.7.0
(semver)
|
Credits
Eunkyu Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-26T13:09:21.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/26/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:36:16.976066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:36:38.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eunkyu Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Validation of Array Index vulnerability in Apache NimBLE.\u003c/p\u003eLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\u003cbr\u003eThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.7.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Improper Validation of Array Index vulnerability in Apache NimBLE.\n\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T10:15:23.820Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-47249",
"datePublished": "2024-11-26T11:16:35.626Z",
"dateReserved": "2024-09-23T08:55:51.217Z",
"dateUpdated": "2024-12-06T10:15:23.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47248 (GCVE-0-2024-47248)
Vulnerability from nvd – Published: 2024-11-26 11:15 – Updated: 2024-12-06 10:14
VLAI?
Title
Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.
Specially crafted MESH message could result in memory corruption when non-default build configuration is used.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NimBLE |
Affected:
0 , ≤ 1.7.0
(custom)
|
Credits
Wei Che Kao (Xiaobye), graduate student from National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-26T13:09:20.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/26/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:38:00.591718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:38:04.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Wei Che Kao (Xiaobye), graduate student from National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBuffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in Apache NimBLE.\u003c/p\u003eSpecially crafted MESH message could result in memory corruption when non-default build configuration is used.\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.7.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in Apache NimBLE.\n\nSpecially crafted MESH message could result in memory corruption when non-default build configuration is used.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T10:14:24.864Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/z8m7jqh54xybf9kz8q2l3tz92zsj7tmz"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-47248",
"datePublished": "2024-11-26T11:15:46.394Z",
"dateReserved": "2024-09-23T08:20:53.910Z",
"dateUpdated": "2024-12-06T10:14:24.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24746 (GCVE-0-2024-24746)
Vulnerability from nvd – Published: 2024-04-06 11:56 – Updated: 2025-02-13 17:40
VLAI?
Title
Apache NimBLE: Denial of service in NimBLE Bluetooth stack
Summary
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE.
Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.
This issue affects Apache NimBLE: through 1.6.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NimBLE |
Affected:
0 , ≤ 1.6.0
(custom)
|
Credits
Baptiste Boyer from Quarkslab Vulnerability Reports team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nimble",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-24746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:32:29.634730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:35:06.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Baptiste Boyer from Quarkslab Vulnerability Reports team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Apache NimBLE.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eSpecially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Apache NimBLE: through 1.6.0.\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eUsers are recommended to upgrade to version 1.7.0, which fixes the issue.\u003c/span\u003e"
}
],
"value": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Apache NimBLE.\u00a0\n\nSpecially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.\n\nThis issue affects Apache NimBLE: through 1.6.0.\nUsers are recommended to upgrade to version 1.7.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:08:25.113Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache NimBLE: Denial of service in NimBLE Bluetooth stack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-24746",
"datePublished": "2024-04-06T11:56:07.232Z",
"dateReserved": "2024-01-29T10:30:51.628Z",
"dateUpdated": "2025-02-13T17:40:20.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-53470
Vulnerability from fkie_nvd - Published: 2026-01-10 10:15 - Updated: 2026-01-14 17:38
Severity ?
Summary
Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.
This issue affects Apache NimBLE: through 1.8.
This issue requires a broken or bogus Bluetooth controller and thus severity is considered low.
Users are recommended to upgrade to version 1.9, which fixes the issue.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://github.com/apache/mynewt-nimble/commit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76 | Patch | |
| security@apache.org | https://lists.apache.org/thread/32sm0944dyod4sdql77stgyw9xb2msc0 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2026/01/08/2 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC033019-AA62-465E-AD0A-8018D8C89ED3",
"versionEndExcluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.\n\nThis issue affects Apache NimBLE: through 1.8.\u00a0\n\nThis issue requires a broken or bogus Bluetooth controller and thus severity is considered low.\n\nUsers are recommended to upgrade to version 1.9, which fixes the issue."
}
],
"id": "CVE-2025-53470",
"lastModified": "2026-01-14T17:38:48.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-10T10:15:50.493",
"references": [
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/32sm0944dyod4sdql77stgyw9xb2msc0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/2"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-53477
Vulnerability from fkie_nvd - Published: 2026-01-10 10:15 - Updated: 2026-01-14 17:38
Severity ?
Summary
NULL Pointer Dereference vulnerability in Apache Nimble.
Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.
This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC033019-AA62-465E-AD0A-8018D8C89ED3",
"versionEndExcluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference vulnerability in Apache Nimble.\n\nMissing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.\nThis issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.\n\nThis issue affects Apache NimBLE: through 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue."
}
],
"id": "CVE-2025-53477",
"lastModified": "2026-01-14T17:38:58.047",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-10T10:15:50.660",
"references": [
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/0caf9baeb271ede85fcc5237ab87ddbf938600da"
},
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/3160b8c4c7ff8db4e0f9badcdf7df684b151e077"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/3"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-62235
Vulnerability from fkie_nvd - Published: 2026-01-10 10:15 - Updated: 2026-01-14 17:45
Severity ?
Summary
Authentication Bypass by Spoofing vulnerability in Apache NimBLE.
Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor.
This issue affects Apache NimBLE: through 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://github.com/apache/mynewt-nimble/commit/41f67e391e788c5feef9030026cc5cbc5431838a | Patch | |
| security@apache.org | https://lists.apache.org/thread/rw2mrpfwb9d9wmq4h4b6ctcd6gpkk2ho | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2026/01/08/4 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC033019-AA62-465E-AD0A-8018D8C89ED3",
"versionEndExcluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Spoofing vulnerability in Apache NimBLE.\n\nReceiving specially crafted Security Request could lead to removal of original bond\u00a0and re-bond with impostor.\nThis issue affects Apache NimBLE: through 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue."
}
],
"id": "CVE-2025-62235",
"lastModified": "2026-01-14T17:45:58.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-10T10:15:50.820",
"references": [
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/41f67e391e788c5feef9030026cc5cbc5431838a"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/rw2mrpfwb9d9wmq4h4b6ctcd6gpkk2ho"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/4"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-52435
Vulnerability from fkie_nvd - Published: 2026-01-10 10:15 - Updated: 2026-01-14 16:30
Severity ?
Summary
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.
Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange.
This issue affects Apache NimBLE: through <= 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC033019-AA62-465E-AD0A-8018D8C89ED3",
"versionEndExcluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.\n\nImproper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange.\nThis issue affects Apache NimBLE: through \u003c= 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue."
}
],
"id": "CVE-2025-52435",
"lastModified": "2026-01-14T16:30:55.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-10T10:15:50.320",
"references": [
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/164f1c23c18a290908df76ed83fe848bfe4a4903"
},
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/ec3d75e909fa6dcadf1836fefc4432794a673d18"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/ow8dzpsqfh9llfclh5fzh6z237brzc0s"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/1"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-5"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-51569
Vulnerability from fkie_nvd - Published: 2024-11-26 12:15 - Updated: 2025-07-08 14:15
Severity ?
Summary
Out-of-bounds Read vulnerability in Apache NimBLE.
Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71BB8957-7DC2-4E02-B560-1526E9758F46",
"versionEndExcluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Apache NimBLE.\n\nMissing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en Apache NimBLE. La falta de una validaci\u00f3n adecuada de la cantidad de paquetes completados de HCI podr\u00eda provocar un acceso fuera de los l\u00edmites al analizar un evento de HCI y una lectura no v\u00e1lida de la memoria de transporte de HCI. Este problema requiere un controlador Bluetooth da\u00f1ado o falso y, por lo tanto, se considera de baja gravedad. Este problema afecta a Apache NimBLE: hasta la versi\u00f3n 1.7.0. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.8.0, que soluciona el problema."
}
],
"id": "CVE-2024-51569",
"lastModified": "2025-07-08T14:15:47.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-26T12:15:21.113",
"references": [
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/4e3ac5b6e7c7df63a594c4ff6839e266b4ccfed9"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/q0vs5rddx1lho30xnpsrvpzgxqmywnhs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/11/26/5"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-47248
Vulnerability from fkie_nvd - Published: 2024-11-26 12:15 - Updated: 2025-07-08 14:18
Severity ?
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.
Specially crafted MESH message could result in memory corruption when non-default build configuration is used.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa | Patch | |
| security@apache.org | https://lists.apache.org/thread/z8m7jqh54xybf9kz8q2l3tz92zsj7tmz | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/11/26/2 | Mailing List, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71BB8957-7DC2-4E02-B560-1526E9758F46",
"versionEndExcluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in Apache NimBLE.\n\nSpecially crafted MESH message could result in memory corruption when non-default build configuration is used.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027desbordamiento de b\u00fafer cl\u00e1sico\u0027) en Apache NimBLE. Un mensaje MESH especialmente manipulado podr\u00eda provocar una corrupci\u00f3n de la memoria cuando se utiliza una configuraci\u00f3n de compilaci\u00f3n no predeterminada. Este problema afecta a Apache NimBLE: hasta la versi\u00f3n 1.7.0. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.8.0, que soluciona el problema."
}
],
"id": "CVE-2024-47248",
"lastModified": "2025-07-08T14:18:25.403",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-26T12:15:19.007",
"references": [
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/z8m7jqh54xybf9kz8q2l3tz92zsj7tmz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/11/26/2"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-47249
Vulnerability from fkie_nvd - Published: 2024-11-26 12:15 - Updated: 2025-07-08 14:17
Severity ?
Summary
Improper Validation of Array Index vulnerability in Apache NimBLE.
Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1 | Patch | |
| security@apache.org | https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/11/26/3 | Mailing List, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71BB8957-7DC2-4E02-B560-1526E9758F46",
"versionEndExcluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Validation of Array Index vulnerability in Apache NimBLE.\n\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n incorrecta del \u00edndice de matriz en Apache NimBLE. La falta de validaci\u00f3n de entrada para eventos HCI del controlador podr\u00eda provocar una corrupci\u00f3n de la memoria fuera de los l\u00edmites y un bloqueo. Este problema requiere un controlador Bluetooth da\u00f1ado o falso y, por lo tanto, se considera de baja gravedad. Este problema afecta a Apache NimBLE: hasta la versi\u00f3n 1.7.0. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.8.0, que soluciona el problema."
}
],
"id": "CVE-2024-47249",
"lastModified": "2025-07-08T14:17:12.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-26T12:15:19.123",
"references": [
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/11/26/3"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-129"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-47250
Vulnerability from fkie_nvd - Published: 2024-11-26 12:15 - Updated: 2025-07-08 14:16
Severity ?
Summary
Out-of-bounds Read vulnerability in Apache NimBLE.
Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71BB8957-7DC2-4E02-B560-1526E9758F46",
"versionEndExcluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read vulnerability in Apache NimBLE.\n\nMissing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP \u0027device found\u0027 events being sent.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura fuera de los l\u00edmites en Apache NimBLE. La falta de una validaci\u00f3n adecuada del informe de publicidad de HCI podr\u00eda provocar un acceso fuera de los l\u00edmites al analizar un evento de HCI y, por lo tanto, el env\u00edo de eventos de \"dispositivo encontrado\" de GAP falsos. Este problema requiere un controlador Bluetooth roto o falso y, por lo tanto, la gravedad se considera baja. Este problema afecta a Apache NimBLE: hasta 1.7.0. Se recomienda a los usuarios que actualicen a la versi\u00f3n 1.8.0, que soluciona el problema."
}
],
"id": "CVE-2024-47250",
"lastModified": "2025-07-08T14:16:34.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-26T12:15:19.230",
"references": [
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/23d61150ddae4bc8356356d7ef09d816fb89da45"
},
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/3b7a32ea09a3bffaab831ee0ab193a2375fc4df6"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/zdb50spojlqbn0yxd866mbzqjt2vpt85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/11/26/4"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-24746
Vulnerability from fkie_nvd - Published: 2024-04-06 12:15 - Updated: 2025-06-17 20:45
Severity ?
Summary
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE.
Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.
This issue affects Apache NimBLE: through 1.6.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*",
"matchCriteriaId": "886F6C28-EF8D-4F3F-97FB-6221D6322B55",
"versionEndExcluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Apache NimBLE.\u00a0\n\nSpecially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.\n\nThis issue affects Apache NimBLE: through 1.6.0.\nUsers are recommended to upgrade to version 1.7.0, which fixes the issue."
},
{
"lang": "es",
"value": "Bucle con vulnerabilidad de condici\u00f3n de salida inalcanzable (\"bucle infinito\") en Apache NimBLE. La operaci\u00f3n GATT especialmente manipulada puede causar un bucle infinito en el servidor GATT que lleva a la denegaci\u00f3n de servicio en la pila o dispositivo Bluetooth. Este problema afecta a Apache NimBLE: hasta 1.6.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.7.0, que soluciona el problema."
}
],
"id": "CVE-2024-24746",
"lastModified": "2025-06-17T20:45:18.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-06T12:15:08.310",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/2"
},
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2025-52435 (GCVE-0-2025-52435)
Vulnerability from cvelistv5 – Published: 2026-01-10 09:47 – Updated: 2026-01-12 19:07
VLAI?
Title
Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller
Summary
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.
Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange.
This issue affects Apache NimBLE: through <= 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-5 J2EE Misconfiguration - Data Transmission Without Encryption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Mynewt NimBLE |
Affected:
0 , ≤ 1.8.0
(semver)
|
Credits
Henrik Schnor <henrik.schnor@mailbox.org>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-10T10:06:48.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-52435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T19:05:35.813488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-5",
"description": "CWE-5 J2EE Misconfiguration: Data Transmission Without Encryption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T19:07:07.593Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Mynewt NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Henrik Schnor \u003chenrik.schnor@mailbox.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJ2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.\u003c/p\u003eImproper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallowing an eavesdropper to observe the remainder of the exchange\u003c/span\u003e.\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through \u0026lt;= 1.8.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.9.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.\n\nImproper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange.\nThis issue affects Apache NimBLE: through \u003c= 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-5 J2EE Misconfiguration: Data Transmission Without Encryption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T09:47:10.568Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/164f1c23c18a290908df76ed83fe848bfe4a4903"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/ec3d75e909fa6dcadf1836fefc4432794a673d18"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/ow8dzpsqfh9llfclh5fzh6z237brzc0s"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-52435",
"datePublished": "2026-01-10T09:47:10.568Z",
"dateReserved": "2025-06-16T14:01:50.268Z",
"dateUpdated": "2026-01-12T19:07:07.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53470 (GCVE-0-2025-53470)
Vulnerability from cvelistv5 – Published: 2026-01-10 09:46 – Updated: 2026-01-12 19:12
VLAI?
Title
Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver
Summary
Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.
This issue affects Apache NimBLE: through 1.8.
This issue requires a broken or bogus Bluetooth controller and thus severity is considered low.
Users are recommended to upgrade to version 1.9, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Mynewt NimBLE |
Affected:
0 , ≤ 1.8
(semver)
|
Credits
雷重庆 <leicq@seu.edu.cn>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-10T10:06:49.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-53470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T19:11:21.208657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T19:12:52.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Mynewt NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "\u96f7\u91cd\u5e86 \u003cleicq@seu.edu.cn\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOut-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.\u003c/p\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.8.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis issue requires a broken or bogus Bluetooth controller and thus severity is considered low.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.9, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.\n\nThis issue affects Apache NimBLE: through 1.8.\u00a0\n\nThis issue requires a broken or bogus Bluetooth controller and thus severity is considered low.\n\nUsers are recommended to upgrade to version 1.9, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T09:46:35.789Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/32sm0944dyod4sdql77stgyw9xb2msc0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-53470",
"datePublished": "2026-01-10T09:46:35.789Z",
"dateReserved": "2025-06-30T13:43:23.389Z",
"dateUpdated": "2026-01-12T19:12:52.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53477 (GCVE-0-2025-53477)
Vulnerability from cvelistv5 – Published: 2026-01-10 09:45 – Updated: 2026-01-12 16:54
VLAI?
Title
Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer
Summary
NULL Pointer Dereference vulnerability in Apache Nimble.
Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.
This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Mynewt NimBLE |
Affected:
0 , ≤ 1.8.0
(custom)
|
Credits
雷重庆 <leicq@seu.edu.cn>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-10T10:06:51.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-53477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T16:54:05.606645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T16:54:48.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Mynewt NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "\u96f7\u91cd\u5e86 \u003cleicq@seu.edu.cn\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNULL Pointer Dereference vulnerability in Apache Nimble.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.\u003c/span\u003e\u003cbr\u003eThis issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.8.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.9.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "NULL Pointer Dereference vulnerability in Apache Nimble.\n\nMissing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.\nThis issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.\n\nThis issue affects Apache NimBLE: through 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T09:45:27.630Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/0caf9baeb271ede85fcc5237ab87ddbf938600da"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/3160b8c4c7ff8db4e0f9badcdf7df684b151e077"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-53477",
"datePublished": "2026-01-10T09:45:27.630Z",
"dateReserved": "2025-06-30T14:54:12.319Z",
"dateUpdated": "2026-01-12T16:54:48.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62235 (GCVE-0-2025-62235)
Vulnerability from cvelistv5 – Published: 2026-01-10 09:42 – Updated: 2026-01-12 16:45
VLAI?
Title
Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing
Summary
Authentication Bypass by Spoofing vulnerability in Apache NimBLE.
Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor.
This issue affects Apache NimBLE: through 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Mynewt NimBLE |
Affected:
0 , ≤ 1.8.0
(semver)
|
Credits
Tommaso Sacchetti <tommaso.sacchetti@gmail.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-01-10T10:07:12.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/08/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T16:44:43.170198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T16:45:27.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Mynewt NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tommaso Sacchetti \u003ctommaso.sacchetti@gmail.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthentication Bypass by Spoofing vulnerability in Apache NimBLE.\u003c/p\u003eReceiving specially crafted Security Request could lead to removal of original bond\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and re-bond with impostor.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.8.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.9.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Authentication Bypass by Spoofing vulnerability in Apache NimBLE.\n\nReceiving specially crafted Security Request could lead to removal of original bond\u00a0and re-bond with impostor.\nThis issue affects Apache NimBLE: through 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T09:42:30.446Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/41f67e391e788c5feef9030026cc5cbc5431838a"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/rw2mrpfwb9d9wmq4h4b6ctcd6gpkk2ho"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-62235",
"datePublished": "2026-01-10T09:42:30.446Z",
"dateReserved": "2025-10-09T15:28:28.169Z",
"dateUpdated": "2026-01-12T16:45:27.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-51569 (GCVE-0-2024-51569)
Vulnerability from cvelistv5 – Published: 2024-11-26 11:17 – Updated: 2024-12-06 10:16
VLAI?
Title
Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler
Summary
Out-of-bounds Read vulnerability in Apache NimBLE.
Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NimBLE |
Affected:
0 , ≤ 1.7.0
(semver)
|
Credits
Eunkyu Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-26T13:09:24.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/26/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nimble",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:36:54.924645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:41:24.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eunkyu Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eOut-of-bounds Read vulnerability in Apache NimBLE.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.\u003cbr\u003e\u003c/span\u003eThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.7.0.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Out-of-bounds Read vulnerability in Apache NimBLE.\n\nMissing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T10:16:33.111Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/q0vs5rddx1lho30xnpsrvpzgxqmywnhs"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/4e3ac5b6e7c7df63a594c4ff6839e266b4ccfed9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-51569",
"datePublished": "2024-11-26T11:17:56.337Z",
"dateReserved": "2024-10-30T14:34:23.977Z",
"dateUpdated": "2024-12-06T10:16:33.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47250 (GCVE-0-2024-47250)
Vulnerability from cvelistv5 – Published: 2024-11-26 11:17 – Updated: 2024-12-06 10:16
VLAI?
Title
Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access
Summary
Out-of-bounds Read vulnerability in Apache NimBLE.
Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NimBLE |
Affected:
0 , ≤ 1.7.0
(semver)
|
Credits
Eunkyu Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-26T13:09:22.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/26/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:35:20.978314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:36:02.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eunkyu Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOut-of-bounds Read vulnerability in Apache NimBLE.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus G\u003c/span\u003eAP \u0027device found\u0027 events being sent.\u003cbr\u003eThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.7.0.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Read vulnerability in Apache NimBLE.\n\nMissing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP \u0027device found\u0027 events being sent.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T10:16:02.631Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/zdb50spojlqbn0yxd866mbzqjt2vpt85"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/3b7a32ea09a3bffaab831ee0ab193a2375fc4df6"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/23d61150ddae4bc8356356d7ef09d816fb89da45"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-47250",
"datePublished": "2024-11-26T11:17:19.568Z",
"dateReserved": "2024-09-23T09:14:40.561Z",
"dateUpdated": "2024-12-06T10:16:02.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47249 (GCVE-0-2024-47249)
Vulnerability from cvelistv5 – Published: 2024-11-26 11:16 – Updated: 2024-12-06 10:15
VLAI?
Title
Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler
Summary
Improper Validation of Array Index vulnerability in Apache NimBLE.
Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NimBLE |
Affected:
0 , ≤ 1.7.0
(semver)
|
Credits
Eunkyu Lee
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-26T13:09:21.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/26/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:36:16.976066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:36:38.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eunkyu Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Validation of Array Index vulnerability in Apache NimBLE.\u003c/p\u003eLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\u003cbr\u003eThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.7.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Improper Validation of Array Index vulnerability in Apache NimBLE.\n\nLack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.\nThis issue requires broken or bogus Bluetooth controller and thus severity is considered low.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T10:15:23.820Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/7ckxw6481dp68ons627pjcb27c75n0mq"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/f39330866a85fa4de49246e9d21334bc8d14f0a1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-47249",
"datePublished": "2024-11-26T11:16:35.626Z",
"dateReserved": "2024-09-23T08:55:51.217Z",
"dateUpdated": "2024-12-06T10:15:23.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47248 (GCVE-0-2024-47248)
Vulnerability from cvelistv5 – Published: 2024-11-26 11:15 – Updated: 2024-12-06 10:14
VLAI?
Title
Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.
Specially crafted MESH message could result in memory corruption when non-default build configuration is used.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NimBLE |
Affected:
0 , ≤ 1.7.0
(custom)
|
Credits
Wei Che Kao (Xiaobye), graduate student from National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-26T13:09:20.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/26/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T16:38:00.591718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T16:38:04.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Wei Che Kao (Xiaobye), graduate student from National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBuffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in Apache NimBLE.\u003c/p\u003eSpecially crafted MESH message could result in memory corruption when non-default build configuration is used.\u003cbr\u003e\u003cp\u003eThis issue affects Apache NimBLE: through 1.7.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.8.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in Apache NimBLE.\n\nSpecially crafted MESH message could result in memory corruption when non-default build configuration is used.\nThis issue affects Apache NimBLE: through 1.7.0.\n\nUsers are recommended to upgrade to version 1.8.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T10:14:24.864Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/z8m7jqh54xybf9kz8q2l3tz92zsj7tmz"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/4f75c0b3b466186beff40e8489870c6cee076aaa"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-47248",
"datePublished": "2024-11-26T11:15:46.394Z",
"dateReserved": "2024-09-23T08:20:53.910Z",
"dateUpdated": "2024-12-06T10:14:24.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24746 (GCVE-0-2024-24746)
Vulnerability from cvelistv5 – Published: 2024-04-06 11:56 – Updated: 2025-02-13 17:40
VLAI?
Title
Apache NimBLE: Denial of service in NimBLE Bluetooth stack
Summary
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE.
Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.
This issue affects Apache NimBLE: through 1.6.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache NimBLE |
Affected:
0 , ≤ 1.6.0
(custom)
|
Credits
Baptiste Boyer from Quarkslab Vulnerability Reports team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:nimble:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nimble",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "1.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-24746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:32:29.634730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:35:06.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache NimBLE",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Baptiste Boyer from Quarkslab Vulnerability Reports team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Apache NimBLE.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eSpecially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Apache NimBLE: through 1.6.0.\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eUsers are recommended to upgrade to version 1.7.0, which fixes the issue.\u003c/span\u003e"
}
],
"value": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Apache NimBLE.\u00a0\n\nSpecially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.\n\nThis issue affects Apache NimBLE: through 1.6.0.\nUsers are recommended to upgrade to version 1.7.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:08:25.113Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/bptkzc0o2ymjk8qqzqdmy39kcmh27078"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/mynewt-nimble/commit/d42a0ebe6632bd0c318560e4293a522634f60594"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache NimBLE: Denial of service in NimBLE Bluetooth stack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-24746",
"datePublished": "2024-04-06T11:56:07.232Z",
"dateReserved": "2024-01-29T10:30:51.628Z",
"dateUpdated": "2025-02-13T17:40:20.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}