CVE-2021-31609

Опубликовано: 07 сент. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet.

Ссылки

https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
Technical Description
Third Party Advisory
https://www.silabs.com/wireless/bluetooth/bluegiga-classic-legacy-modules/device.wt32i-a
Product
Vendor Advisory
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
Technical Description
Third Party Advisory
https://www.silabs.com/wireless/bluetooth/bluegiga-classic-legacy-modules/device.wt32i-a
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:silabs:iwrap:*:*:*:*:*:*:*:*

Версия до 6.3.0 (включая)

cpe:2.3:h:silabs:wt32i-a:-:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00129

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-gjhp-fhfw-fvx3

github

больше 3 лет назад