PT-2026-1816 · Apache · Apache NimBLE
Published: 2026-01-10 · Updated: 2026-01-10 · CVE-2025-53477
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Apache NimBLE versions through 1.8.0
Description
A flaw exists in Apache NimBLE where missing validation of an HCI connection complete or HCI command TX buffer can result in a NULL pointer dereference. Triggering the issue requires asserts to be disabled and a malfunctioning Bluetooth controller, which leads to a low severity assessment.
Recommendations
Upgrade to version 1.9.0 to address the issue.
Fix
NULL Pointer Dereference
Affected Products
Apache NimBLE