
SimpleBLE CVE-2026-44634

HIGH
Stack-based Buffer Overflow (CWE-121)
2026-06-09 GitHub_M
8.7
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: X

Lifecycle Timeline

  • Source Code Evidence Fetched: Jun 10, 2026 - 03:00 (vuln.today)
  • Analysis Generated: Jun 10, 2026 - 03:00 (vuln.today)
  • CVSS changed: Jun 10, 2026 - 01:22 (NVD), 8.7 (HIGH)
  • CVE Published: Jun 09, 2026 - 23:59 (nvd), UNKNOWN (no severity yet)

Description (NVD)

SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE: a stack overflow vulnerability in the dongl backend’s Protocol::simpleble_write function (local, caller-controlled input); a stack overflow vulnerability when processing manufacturer-specific data in BLE advertisements (remote, no pairing or connection required); and a stack overflow vulnerability when processing service data in BLE advertisements (remote, no pairing or connection required). This issue has been patched in version 0.14.0.

Analysis (AI)

Stack-based buffer overflows in SimpleBLE prior to version 0.14.0 allow remote attackers within Bluetooth range to crash applications by transmitting crafted BLE advertisements containing oversized manufacturer-specific data or service data, requiring no pairing or connection. A separate local overflow exists in the dongl backend's Protocol::simpleble_write function via caller-controlled input. …


Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Position within BLE range of target
  • Delivery: Craft oversized BLE 5.0 extended advertisement
  • Exploit: Broadcast manufacturer/service data payload
  • Execution: Victim scanner parses advertisement
  • Persist: Stack buffer overflow in SimpleCBLE
  • Impact: Application crash or potential code execution

Vulnerability Assessment (AI)

Exploitation: For the two remote bugs: the target host must be running a SimpleBLE-based application (versions prior to 0.14.0) that is actively scanning for BLE advertisements, and the attacker must be within Bluetooth radio range (typically tens of meters) - no pairing, bonding, authentication, or prior connection is required, and the attacker only needs a BLE-capable radio able to transmit extended (BLE 5.0) advertisements with oversized manufacturer-specific data or service data fields. …

Risk Assessment: CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N/VA:H (score 8.7) reflects the two remote advertisement-parsing bugs: network-reachable, low complexity, no privileges, no user interaction, with high availability impact and no confidentiality or integrity impact - consistent with crash/DoS rather than confirmed code execution. …

Exploit Scenario: An attacker within BLE radio range of a host running a vulnerable SimpleBLE-based scanner application (e.g., a BLE gateway, asset tracker, or smart-home bridge) broadcasts a crafted BLE 5.0 extended advertisement containing oversized manufacturer-specific or service data fields. When the victim's SimpleCBLE parser copies the advertisement payload into a fixed-size stack buffer, the overflow corrupts the stack - at minimum crashing the scanning process (DoS) and potentially redirecting execution if no stack protections are in place. …

Remediation: Upgrade to SimpleBLE 0.14.0 or later, which adds bounds validation in Protocol::simpleble_write (throws std::length_error when payload exceeds 512 bytes) and truncates oversized manufacturer/service data in the SimpleCBLE advertisement parser; the fix commit is 1501d59d76a4280268372afb1b157bf6caeacba6 and PR https://github.com/simpleble/simpleble/pull/466. …
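
The two fix behaviours named in the remediation text, as an added illustration that is not taken from the SimpleBLE code base or the fix commit. The names `adv_data_t`, `copy_adv_data` and `checked_write`, and the 27-byte field capacity, are hypothetical; only the 512-byte limit and `std::length_error` come from the text above.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <stdexcept>
#include <vector>

constexpr std::size_t kMaxWrite = 512;   // limit quoted in the remediation text
constexpr std::size_t kAdvDataCap = 27;  // assumed capacity of the fixed-size field

// Hypothetical stand-in for a C-binding struct that carries advertisement data.
struct adv_data_t {
    std::uint16_t id;
    std::size_t length;
    std::uint8_t data[kAdvDataCap];
};

// Pattern the advisory describes: the length is taken from the advertisement.
//   std::memcpy(out.data, payload.data(), payload.size());  // overflows if size > cap

// Hardened copy: clamp to the destination capacity; returns true if data was cut.
bool copy_adv_data(std::uint16_t id, const std::vector<std::uint8_t>& payload,
                   adv_data_t& out) {
    const std::size_t n = std::min(payload.size(), sizeof(out.data));
    out.id = id;
    out.length = n;  // report the stored length, never the advertised one
    if (n != 0) std::memcpy(out.data, payload.data(), n);
    return n != payload.size();
}

// Hardened write path: reject instead of truncating, because a silently
// shortened write would change what is sent to the device.
std::size_t checked_write(const std::vector<std::uint8_t>& payload,
                          std::uint8_t (&frame)[kMaxWrite]) {
    if (payload.size() > kMaxWrite)
        throw std::length_error("write payload exceeds 512 bytes");
    if (!payload.empty()) std::memcpy(frame, payload.data(), payload.size());
    return payload.size();
}

int main() {
    adv_data_t out{};
    std::vector<std::uint8_t> oversized(200, 0xAA);  // constructed sample payload
    bool cut = copy_adv_data(0xFFFF, oversized, out);
    std::printf("stored=%zu truncated=%d\n", out.length, cut ? 1 : 0);
    return 0;
}
```

Truncation suits the scan path, where dropping excess bytes is preferable to crashing on untrusted radio input; the write path fails loudly because the caller controls the input and can correct it.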

Recommended Action (AI)

24 hours: Identify all applications and firmware using the SimpleBLE library and their deployment scope. …
