CNNVD-202601-1723 Information
CNNVD ID
CNNVD-202601-1723
Related CVE
- CNNVD Published: 2026-01-10
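Description (Chinese, translated)
Apache NimBLE is an open-source Bluetooth 5.4 stack (host and controller) from the Apache Foundation in the United States that completely replaces the proprietary SoftDevice on Nordic chipsets. It is part of the Apache Mynewt project. Apache NimBLE 1.8.0 and earlier versions contain a security vulnerability that stems from improper handling of the pause encryption procedure at the link layer, which may leave the connection unencrypted and allow an eavesdropper to observe subsequent exchanges.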
Description (English)
Apache NimBLE is an open-source Bluetooth stack (host and controller) from the Apache Foundation in the United States that completely replaces SoftDevice on Nordic chipsets. It is part of the Apache Mynewt project. Apache NimBLE 1.8.0 and earlier versions contain a security vulnerability that stems from improper handling of the pause encryption procedure at the link layer, which could lead to unencrypted connections and allow eavesdroppers to observe subsequent exchanges.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Apache
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/apache/mynewt-nimble/commit/164f1c23c18a290908df76ed83fe848bfe4a4903
https://github.com/apache/mynewt-nimble/commit/ec3d75e909fa6dcadf1836fefc4432794a673d18
http://www.openwall.com/lists/oss-security/2026/01/08/1
https://lists.apache.org/thread/ow8dzpsqfh9llfclh5fzh6z237brzc0s
https://access.redhat.com/security/cve/cve-2025-52435