CNNVD-202601-1721 Information
CNNVD ID
CNNVD-202601-1721
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
Apache NimBLE是美国阿帕奇(Apache)基金会的一个开源蓝牙 5.4 堆栈(主机和控制器),完全取代 Nordic 芯片组上的专有 SoftDevice。它是Apache Mynewt 项目的一部分。 Apache NimBLE 1.8及之前版本存在缓冲区错误漏洞,该漏洞源于H4驱动程序中特制的HCI事件可能导致无效内存读取。
Description (English)
Apache NimBLE, an open-source bluetooth (host and controller) stack of the Apache Foundation in the United States, completely replaced SoftDevice on the Nordic chip group. It’s part of the Apache Mynewt project. Apache NimbLE 1.8 and previous versions had an error loophole in the buffer zone, which stemmed from the HCI event, which was specially designed for H4-drivers, which could lead to invalid RAM access.
Hazard Level
Medium
Vulnerability Type
缓冲区错误
Affected Vendor
阿帕奇
Published
2026-01-10
Last Modified
2026-02-24
References
https://lists.apache.org/thread/32sm0944dyod4sdql77stgyw9xb2msc0 http://www.openwall.com/lists/oss-security/2026/01/08/2 https://github.com/apache/mynewt-nimble/commit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76 https://access.redhat.com/security/cve/cve-2025-53470