Description

NULL pointer dereference vulnerability in Apache NimBLE. Missing validation of HCI connection complete or HCI command TX buffer could lead to a NULL pointer dereference. This issue requires asserts to be disabled and a broken or bogus Bluetooth controller, and thus its severity is considered low. This issue affects Apache NimBLE through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.

PUBLISHED Reserved 2025-06-30 | Published 2026-01-10 | Updated 2026-01-10 | Assigner apache

Problem types

CWE-476 NULL Pointer Dereference

Product status

Default status: unaffected

Any version: affected

Credits

雷重庆 <leicq@seu.edu.cn> reporter

References

www.openwall.com/lists/oss-security/2026/01/08/3

github.com/...ommit/0caf9baeb271ede85fcc5237ab87ddbf938600da patch

github.com/...ommit/3160b8c4c7ff8db4e0f9badcdf7df684b151e077 patch

lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo vendor-advisory

cve.org (CVE-2025-53477)

nvd.nist.gov (CVE-2025-53477)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.