Apache Nimble
By the Year
In 2025 there have been 0 vulnerabilities in Apache Nimble. Last year, in 2024, Nimble had 5 security vulnerabilities published. Right now, Nimble is on track to have fewer security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 5 | 0.00 |
It may take a day or so for new Nimble vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Apache Nimble Security Vulnerabilities
Apache NimBLE Out-of-Bounds Read Vulnerability in HCI Event Parsing
CVE-2024-51569
- November 26, 2024
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bounds access when parsing an HCI event and an invalid read from HCI transport memory. This issue requires a broken or bogus Bluetooth controller, and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Out-of-bounds Read
Apache NimBLE Out-of-Bounds Read Vulnerability in HCI Advertising Report Parsing
CVE-2024-47250
- November 26, 2024
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of an HCI advertising report could lead to out-of-bounds access when parsing an HCI event, and thus bogus GAP 'device found' events being sent. This issue requires a broken or bogus Bluetooth controller, and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Out-of-bounds Read
Apache NimBLE 1.7.0 Out-of-Bound via HCI Event Array Index
CVE-2024-47249
- November 26, 2024
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from the controller could result in out-of-bounds memory corruption and a crash. This issue requires a broken or bogus Bluetooth controller, and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.
out-of-bounds array index
Classic Buffer Overflow in Apache NimBLE MESH Message 1.7.0
CVE-2024-47248
- November 26, 2024
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. A specially crafted MESH message could result in memory corruption when a non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.
Classic Buffer Overflow
Apache NimBLE GATT Server Infinite Loop (v1.6.0) DoS
CVE-2024-24746
- April 06, 2024
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. A specially crafted GATT operation can cause an infinite loop in the GATT server, leading to denial of service in the Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue.
Infinite Loop