Primary

Context

Apache NimBLE NULL Pointer Dereference Vulnerability in HCI Layer

Vulnerability

A NULL pointer dereference vulnerability exists in Apache NimBLE versions through 1.8.0. This issue arises from a lack of proper validation in the HCI connection completion and HCI command transmission buffer, potentially leading to a NULL pointer dereference. The vulnerability requires disabled assertions and a faulty Bluetooth controller, which is why it is considered to have a low severity.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, which can cause a program to crash or behave unexpectedly by attempting to access memory that is not allocated.

Remediation

Users are advised to upgrade to Apache NimBLE version 1.9.0, which addresses this vulnerability.

Added: Jan 10, 2026, 10:18 AM

Updated: Jan 10, 2026, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.6

remediation

7.7

relevance

2.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.6

remediation

7.7

relevance

2.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache NimBLE NULL Pointer Dereference Vulnerability in HCI Layer

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating