Apache Mynewt security advisories

Security information for Apache Mynewt

Reporting

Do you want disclose a potential security issue for Apache Mynewt? Send your report to the Apache Security Team.

Advisories

This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public mailinglist or privately on security@apache.org

Incorrect handling of SMP Security Request could lead to undesirable pairing

CVE-2025-62235 [CVE] [CVE json] [OSV json]

Last updated: 2026-01-10T09:42:36.935Z

Affected

  • Apache Mynewt NimBLE through 1.8.0

Description

Authentication Bypass by Spoofing vulnerability in Apache NimBLE.

Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor.

This issue affects Apache NimBLE: through 1.8.0.

Users are recommended to upgrade to version 1.9.0, which fixes the issue.

References

Credits

NULL Pointer Dereference in NimBLE host HCI layer

CVE-2025-53477 [CVE] [CVE json] [OSV json]

Last updated: 2026-01-10T09:45:08.352Z

Affected

  • Apache Mynewt NimBLE through 1.8.0

Description

NULL Pointer Dereference vulnerability in Apache Nimble.

Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.
This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.

This issue affects Apache NimBLE: through 1.8.0.

Users are recommended to upgrade to version 1.9.0, which fixes the issue.

References

Credits

Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver

CVE-2025-53470 [CVE] [CVE json] [OSV json]

Last updated: 2026-01-10T09:46:32.072Z

Affected

  • Apache Mynewt NimBLE through 1.8

Description

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.

This issue affects Apache NimBLE: through 1.8. 

This issue requires a broken or bogus Bluetooth controller and thus severity is considered low.

Users are recommended to upgrade to version 1.9, which fixes the issue.

References

Credits

Invalid error handling in pause encryption procedure in NimBLE controller

CVE-2025-52435 [CVE] [CVE json] [OSV json]

Last updated: 2026-01-10T09:47:08.833Z

Affected

  • Apache Mynewt NimBLE through 1.8.0

Description

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.

Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange.

This issue affects Apache NimBLE: through <= 1.8.0.

Users are recommended to upgrade to version 1.9.0, which fixes the issue.

References

Credits

Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler

CVE-2024-51569 [CVE] [CVE json] [OSV json]

Last updated: 2024-12-06T07:50:42.419Z

Affected

  • Apache NimBLE through 1.7.0

Description

Out-of-bounds Read vulnerability in Apache NimBLE.

Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.

This issue affects Apache NimBLE: through 1.7.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

References

Credits

  • Eunkyu Lee (reporter)

Lack of input validation in HCI advertising report could lead to potential out-of-bound access

CVE-2024-47250 [CVE] [CVE json] [OSV json]

Last updated: 2024-12-06T07:50:00.629Z

Affected

  • Apache NimBLE through 1.7.0

Description

Out-of-bounds Read vulnerability in Apache NimBLE.

Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.

This issue affects Apache NimBLE: through 1.7.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

References

Credits

  • Eunkyu Lee (reporter)

Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler

CVE-2024-47249 [CVE] [CVE json] [OSV json]

Last updated: 2024-12-06T07:49:57.242Z

Affected

  • Apache NimBLE through 1.7.0

Description

Improper Validation of Array Index vulnerability in Apache NimBLE.

Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.

This issue affects Apache NimBLE: through 1.7.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

References

Credits

  • Eunkyu Lee (reporter)

Buffer overflow in NimBLE MESH Bluetooth stack

CVE-2024-47248 [CVE] [CVE json] [OSV json]

Last updated: 2024-12-06T07:39:45.067Z

Affected

  • Apache NimBLE through 1.7.0

Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.

Specially crafted MESH message could result in memory corruption when non-default build configuration is used.

This issue affects Apache NimBLE: through 1.7.0.

Users are recommended to upgrade to version 1.8.0, which fixes the issue.

References

Credits

  • Wei Che Kao (Xiaobye), graduate student from National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab. (reporter)

Denial of service in NimBLE Bluetooth stack

CVE-2024-24746 [CVE] [CVE json] [OSV json]

Last updated: 2024-04-10T07:39:33.115Z

Affected

  • Apache NimBLE through 1.6.0

Description

Loop with Unreachable Exit Condition (‘Infinite Loop’) vulnerability in Apache NimBLE. 

Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device.

This issue affects Apache NimBLE: through 1.6.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.

References

Credits

  • Baptiste Boyer from Quarkslab Vulnerability Reports team (reporter)