CVE-2019-17520 — Classic Buffer Overflow in Cc2640r2 Software Development KIT

CWE-120 — Classic Buffer Overflow3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 64.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
TI Cc2640r2 Software Development KIT
Timeline
PublishedFeb 10
Latest updateMay 24

Description

The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-xr3c-8qvg-wf25: The Bluetooth Low Energy implementation on Texas Instruments SDK through 3↗2022-05-24
â–¶
CVEList
CVE-2019-17520: The Bluetooth Low Energy implementation on Texas Instruments SDK through 3↗2020-02-10
â–¶
CVE-2019-17520 — Classic Buffer Overflow | cvebase