CNNVD-202601-1722 Information
CNNVD ID
CNNVD-202601-1722
Related CVE
-
CNNVD Published: 2026-01-10
Description (Chinese)
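Apache NimBLE is an open-source Bluetooth 5.4 stack (host and controller) from the Apache Foundation in the United States that completely replaces the proprietary SoftDevice on Nordic chipsets. It is part of the Apache Mynewt project. Apache NimBLE 1.8.0 and earlier versions contain a code issue vulnerability, which stems from missing validation of HCI connection complete or the HCI command TX buffer and may lead to a null pointer dereference.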
Description (English)
Apache NimBLE is an open-source Bluetooth stack (host and controller) from the Apache Foundation in the United States that completely replaces SoftDevice on Nordic chipsets. It is part of the Apache Mynewt project. Apache NimBLE 1.8.0 and earlier versions contain a code issue vulnerability, which stems from a lack of validation of HCI connection complete or the HCI command TX buffer and could lead to a null pointer dereference.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
Apache
Published
2026-01-10
Last Modified
2026-02-24
References
https://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo
http://www.openwall.com/lists/oss-security/2026/01/08/3
https://github.com/apache/mynewt-nimble/commit/0caf9baeb271ede85fcc5237ab87ddbf938600da
https://github.com/apache/mynewt-nimble/commit/3160b8c4c7ff8db4e0f9badcdf7df684b151e077
https://access.redhat.com/security/cve/cve-2025-53477