CVE-2026-44634

SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleble_write function (local, caller-controlled input). A stack overflow vulnerability when processing manufacturer-specific data in BLE advertisements (remote, no pairing or connection required). Lastly, a stack overflow vulnerability when processing service data in BLE advertisements (remote, no pairing or connection required). This issue has been patched in version 0.14.0.

CVSS

No CVSS.

References

Link	Resource
https://github.com/simpleble/simpleble/commit/1501d59d76a4280268372afb1b157bf6caeacba6
https://github.com/simpleble/simpleble/pull/466
https://github.com/simpleble/simpleble/releases/tag/v0.14.0
https://github.com/simpleble/simpleble/security/advisories/GHSA-8h89-q8m2-c8fp

Configurations

No configuration.

History

10 Jun 2026, 01:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-10 01:16

Updated : 2026-06-10 01:16

NVD link : CVE-2026-44634

Mitre link : CVE-2026-44634

CVE.ORG link : CVE-2026-44634

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2026-44634", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-06-10T01:16:27.080", "references": [{"url": "https://github.com/simpleble/simpleble/commit/1501d59d76a4280268372afb1b157bf6caeacba6", "source": "security-advisories@github.com"}, {"url": "https://github.com/simpleble/simpleble/pull/466", "source": "security-advisories@github.com"}, {"url": "https://github.com/simpleble/simpleble/releases/tag/v0.14.0", "source": "security-advisories@github.com"}, {"url": "https://github.com/simpleble/simpleble/security/advisories/GHSA-8h89-q8m2-c8fp", "source": "security-advisories@github.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-121"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend\u2019s Protocol::simpleble_write function (local, caller-controlled input). A stack overflow vulnerability when processing manufacturer-specific data in BLE advertisements (remote, no pairing or connection required). Lastly, a stack overflow vulnerability when processing service data in BLE advertisements (remote, no pairing or connection required). This issue has been patched in version 0.14.0."}], "lastModified": "2026-06-10T01:16:27.080", "sourceIdentifier": "security-advisories@github.com"}