Description
NULL pointer dereference vulnerability in Apache NimBLE. Missing validation of HCI connection complete or HCI command TX buffer could lead to a NULL pointer dereference. This issue requires asserts to be disabled and a broken or bogus Bluetooth controller, and thus its severity is considered low. This issue affects Apache NimBLE through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.
References
https://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo
Mailing List, Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/01/08/3
Mailing List, Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 · High
Information
Source identifier
Vulnerability status
Analyzed
Published
2026-01-10T10:15:50.660Z
Last modified
2026-01-14T17:38:58.047Z