Buffer Overflow Vulnerability in Cypress WICED Studio Bluetooth Devices
CVE-2019-13916

8.8HIGH

Key Information:

Vendor

Cypress

Status
Wiced Studio
Vendor
CVE Published:
13 April 2020

What is CVE-2019-13916?

A buffer overflow vulnerability exists in Cypress WICED Studio 6.2 affecting CYW20735B1 and CYW20819A1 Bluetooth Low Energy (BLE) devices. The flaw arises from the insufficient allocation of a buffer that is four bytes too small for handling the maximum packet size of 255 bytes plus headers. This issue can lead to a heap corruption in the linked list managing free buffers within the BLE device architecture. An attacker can exploit this vulnerability by controlling the overflow using crafted packet data, potentially leading to a write-what-where condition that could jeopardize the security of the device. This vulnerability has been addressed in BT SDK 2.4 and BT SDK 2.45, emphasizing the importance of keeping firmware updated.

References

https://community.cypress.com/thread/53681
x_refsource_MISC
https://github.com/seemoo-lab/frankenstein/blob/master/do...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2019-13916 : Buffer Overflow Vulnerability in Cypress WICED Studio Bluetooth Devices