CVE-2026-44634

Vulnerability Description

SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleble_write function (local, caller-controlled input). A stack overflow vulnerability when processing manufacturer-specific data in BLE advertisements (remote, no pairing or connection required). Lastly, a stack overflow vulnerability when processing service data in BLE advertisements (remote, no pairing or connection required). This issue has been patched in version 0.14.0.

Vulnerability Details

Published Date

June 10, 2026

Last Modified

June 10, 2026

CWE ID

CWE-121

Source

NVD

Vendor

simpleble

Product

simpleble

External References

https://github.com/simpleble/simpleble/commit/1501d59d76a4280268372afb1b157bf6caeacba6
https://github.com/simpleble/simpleble/pull/466
https://github.com/simpleble/simpleble/releases/tag/v0.14.0
https://github.com/simpleble/simpleble/security/advisories/GHSA-8h89-q8m2-c8fp

CVE-2026-44634

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment