← Back

CVE-2019-15948

nvd nist
Published: Nov 13, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4.

Affected (3)

Ti
3 products
Cc256xc Bt Sp Firmware
Cc256xb Bt Sp Firmware
Wl18xx Bt Sp Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cc256xc Bt Sp Firmware
Up to 1.2
Running on/withPlatform Versions
Ti
Cc256xc Bt Sp
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cc256xb Bt Sp Firmware
Up to 1.8
Running on/withPlatform Versions
Ti
Cc256xb Bt Sp
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wl18xx Bt Sp Firmware
Up to 4.4
Running on/withPlatform Versions
Ti
Wl18xx Bt Sp
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (10)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Not Applicable
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.