Message-ID: <ea2e2643-a017-5a50-1d4a-a8fd845ee274@apache.org>
Date: Thu, 08 Jan 2026 09:53:43 +0000
From: Szymon Janc <janc@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2025-53470: Apache NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver

Severity: low

Affected versions:

- Apache NimBLE through 1.8

Description:

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver.

Specially crafted HCI event could lead to invalid memory read in H4 driver.

This issue affects Apache NimBLE: through 1.8.

This issue requires a broken or bogus Bluetooth controller and thus severity is considered low.

Users are recommended to upgrade to version 1.9, which fixes the issue.

Credit:

雷重庆 <leicq@....edu.cn> (reporter)

References:

https://github.com/apache/mynewt-nimble/commit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76
https://mynewt.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-53470