CVE-2018-16986 — Out-of-bounds Write in Ble-stack

CWE-787 — Out-of-bounds Write CWE-415 — Double Free7 documents4 sources

Severity

8.8HIGHNVD

NVD7.5

EPSS

2.6%

top 14.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos TI Ble-stack Hewlett Packard Enterprise Aruba Access Points

Timeline

PublishedNov 6

Latest updateMay 13

Description

Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDti/ble-stack2.2.1+2

▶NVDarubanetworks/arubaos6.4.4.0 — 6.4.4.20+4

▶CVEListV5hewlett_packard_enterprise/aruba_access_pointsAP-3xx and IAP-3xx series access points, AP-203R, AP-203RP, ArubaOS 6.4.4.x prior to 6.4.4.20, ArubaOS 6.5.3.x prior to 6.5.3.9, ArubaOS 6.5.4.x prior to 6.5.4.9, ArubaOS 8.x prior to 8.2.2.2, ArubaOS 8.3.x prior to 8.3.0.4

🔴Vulnerability Details

GHSA

GHSA-c828-r7p5-j3g3: A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points↗2022-05-13

▶

GHSA

GHSA-h9pw-955p-cqrc: Texas Instruments BLE-STACK v2↗2022-05-13

▶

CVEList

CVE-2018-7080: A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points↗2018-12-07

▶

CVEList

CVE-2018-16986: Texas Instruments BLE-STACK v2↗2018-11-06

▶

📋Vendor Advisories

Cisco

Texas Instruments Bluetooth Low Energy Denial of Service and Remote Code Execution Vulnerability↗2018-11-01

▶