Description

Out-of-bounds Read vulnerability in the Apache NimBLE HCI H4 driver. A specially crafted HCI event could lead to an invalid memory read in the H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are recommended to upgrade to version 1.9, which fixes the issue.

PUBLISHED Reserved 2025-06-30 | Published 2026-01-10 | Updated 2026-01-10 | Assigner apache

Problem types

CWE-125 Out-of-bounds Read

Product status

Default status
unaffected

Any version
affected

Credits

雷重庆 <leicq@seu.edu.cn> reporter

References

www.openwall.com/lists/oss-security/2026/01/08/2

github.com/...ommit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76 patch

lists.apache.org/thread/32sm0944dyod4sdql77stgyw9xb2msc0 vendor-advisory

cve.org (CVE-2025-53470)

nvd.nist.gov (CVE-2025-53470)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.