CVE-2026-44634
HighCVSS 8.7Exploitation Probability (EPSS)
Low risk13th percentile - higher than 13% of all known CVEs
Summary
The SimpleBLE library prior to version 0.14.0 has multiple stack-based buffer overflow vulnerabilities. These affect the Protocol::simpleble_write function in the dongl backend and the processing of manufacturer-specific and service data in BLE advertisements.
Risk Assessment
These vulnerabilities could lead to remote code execution or application crashes, posing a significant security risk to systems using this library.
Recommendation
It is recommended to update the SimpleBLE library to version 0.14.0 or later to mitigate these vulnerabilities.
Original NVD description (English source)
SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleble_write function (local, caller-controlled input). A stack overflow vulnerability when processing manufacturer-specific data in BLE advertisements (remote, no pairing or connection required). Lastly, a stack overflow vulnerability when processing service data in BLE advertisements (remote, no pairing or connection required). This issue has been patched in version 0.14.0.

