CVE-2025-35003

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-35003

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-35003.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-35003

Published

2025-05-26T10:15:19Z

Modified

2025-05-28T17:04:21.104244Z

Summary

[none]

Details

Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets.

NuttX's Bluetooth HCI/UART stack users are advised to upgrade to version 12.9.0, which fixes the identified implementation issues.

This issue affects Apache NuttX: from 7.25 before 12.9.0.

References

Affected packages

Git / github.com/apache/nuttx

Affected ranges

Type: GIT
Repo: https://github.com/apache/nuttx
Events: Introduced

0eb9a05b9ea1a426330be21016b70a34a234f4ec

Fixed

7c95e3c613820adf9802ba2fea0806333c02a553

Affected versions

nuttx-12.*

nuttx-12.9.0-RC0

nuttx-7.*

nuttx-7.25

nuttx-7.26

nuttx-7.27

nuttx-7.28

nuttx-7.29

nuttx-7.30

nuttx-7.31

nuttx-8.*

nuttx-8.1

nuttx-8.2