Описание
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | |
| esm-apps/jammy | needed | |
| esm-apps/noble | not-affected | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | needed | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
Показывать по
EPSS
6.1 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.
The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.
Уязвимость реализации Bluetooth Classic стека Cypress WICED BT для устройств CYW20735B1, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.1 Medium
CVSS2
6.5 Medium
CVSS3