exploitDog

CVE-2022-26528

Опубликовано: 30 авг. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.

Ссылки

https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html
Third Party Advisory
VDB Entry
https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:realtek:bluetooth_mesh_software_development_kit:*:*:*:*:*:*:*:*

Версия до 4.17-4.17-20220127 (включая)

Одно из

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00177

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-120

CWE-120

Связанные уязвимости

GHSA-mm97-wh26-7377

CVSS3: 6.5

github

больше 3 лет назад

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.

EPSS

Процентиль: 39%

0.00177

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-120

CWE-120