Lucene search

[email protected]CVE-2022-31364

HistoryFeb 01, 2023 - 9:15 p.m.

CVE-2022-31364

2023-02-0121:15:08

CWE-787

[email protected]

web.nvd.nist.gov

cypress

bluetooth mesh

sdk

buffer overflow

out-of-bound write

vulnerability

nvd

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.4%

JSON

Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN.

Affected configurations

NVD

Node

infineoncypress_bluetooth_mesh_software_development_kitMatchbsa0107_05.01.00-bx8-amesh-08

CPENameOperatorVersion
infineon:cypress_bluetooth_mesh_software_development_kitinfineon cypress bluetooth mesh software development kiteqbsa0107_05.01.00-bx8-amesh-08

CPE	Name	Operator	Version
infineon:cypress_bluetooth_mesh_software_development_kit	infineon cypress bluetooth mesh software development kit	eq	bsa0107_05.01.00-bx8-amesh-08

References

docs.google.com/document/d/1tCJg1uBYtfx4SNvewWPNXd7PB6Z__iiG/edit

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.4%

JSON

Related for CVE-2022-31364

nvd1 prion1 cvelist1