Vulnerabilities
This page summarizes the Common Vulnerabilities and Exposures (CVE) entries discovered and fixed in Apache Mynewt.

| CVE-ID | Description | Releases Affected | Release Fixed |
|---|---|---|---|
| CVE-2025-52435 | Invalid error handling in pause encryption procedure in NimBLE controller | NimBLE through 1.8.0 | NimBLE 1.9.0 |
| CVE-2025-53470 | Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver | NimBLE through 1.8.0 | NimBLE 1.9.0 |
| CVE-2025-53477 | NULL Pointer Dereference in NimBLE host HCI layer | NimBLE through 1.8.0 | NimBLE 1.9.0 |
| CVE-2025-62235 | Incorrect handling of SMP Security Request could lead to undesirable pairing | NimBLE through 1.8.0 | NimBLE 1.9.0 |
| CVE-2024-47248 | Buffer overflow in NimBLE MESH Bluetooth stack | NimBLE through 1.7.0 | NimBLE 1.8.0 |
| CVE-2024-47249 | Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler | NimBLE through 1.7.0 | NimBLE 1.8.0 |
| CVE-2024-47250 | Lack of input validation in HCI advertising report could lead to potential out-of-bound access | NimBLE through 1.7.0 | NimBLE 1.8.0 |
| CVE-2024-51569 | Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler | NimBLE through 1.7.0 | NimBLE 1.8.0 |
| CVE-2024-24746 | Loop with Unreachable Exit Condition | NimBLE through 1.6.0 | NimBLE 1.7.0 |