CNNVD-202601-1724 Information
CNNVD ID
CNNVD-202601-1724
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
Apache NimBLE是美国阿帕奇(Apache)基金会的一个开源蓝牙 5.4 堆栈(主机和控制器),完全取代 Nordic 芯片组上的专有 SoftDevice。它是Apache Mynewt 项目的一部分。 Apache NimBLE 1.8.0及之前版本存在安全漏洞,该漏洞源于接收特制的安全请求可能导致移除原始绑定并与冒名顶替者重新绑定。
Description (English)
Apache NimBLE, an open-source bluetooth (host and controller) stack of the Apache Foundation in the United States, completely replaced SoftDevice on the Nordic chip group. It’s part of the Apache Mynewt project. Apache NimbLE 1.8.0 and previous versions contain a security loophole, which stems from the fact that receiving specially designed security requests may lead to the removal of original bindings and re-arrangement with impostors.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
阿帕奇
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/apache/mynewt-nimble/commit/41f67e391e788c5feef9030026cc5cbc5431838a https://lists.apache.org/thread/rw2mrpfwb9d9wmq4h4b6ctcd6gpkk2ho http://www.openwall.com/lists/oss-security/2026/01/08/4 https://access.redhat.com/security/cve/cve-2025-62235