Lucene search

MitreCVE-2022-31364

HistoryFeb 01, 2023 - 9:15 p.m.

CVE-2022-31364

2023-02-0121:15:08

CWE-787

mitre

web.nvd.nist.gov

cypress

bluetooth mesh

sdk

buffer overflow

out-of-bound write

vulnerability

nvd

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

36.9%

JSON

Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN.

Affected configurations

Nvd

Node

infineoncypress_bluetooth_mesh_software_development_kitMatchbsa0107_05.01.00-bx8-amesh-08

VendorProductVersionCPE
infineoncypress_bluetooth_mesh_software_development_kitbsa0107_05.01.00-bx8-amesh-08cpe:2.3:a:infineon:cypress_bluetooth_mesh_software_development_kit:bsa0107_05.01.00-bx8-amesh-08:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
infineon	cypress_bluetooth_mesh_software_development_kit	bsa0107_05.01.00-bx8-amesh-08	cpe:2.3:a:infineon:cypress_bluetooth_mesh_software_development_kit:bsa0107_05.01.00-bx8-amesh-08:::::::*

References

docs.google.com/document/d/1tCJg1uBYtfx4SNvewWPNXd7PB6Z__iiG/edit

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

36.9%

JSON

Related for CVE-2022-31364