CVE-2019-17519

Published: Feb 12, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet.

Affected (1)

Products: Nxp: Mcuxpresso Software Development Kit

Nxp

1 product

Mcuxpresso Software Development Kit

Configuration A

1 vulnerable · 8 platform

Vulnerable Software	Affected Versions
Nxp Mcuxpresso Software Development Kit	Up to 2.2.1

Running on/with	Platform Versions
Nxp Kw31z	All versions
Nxp Kw34	All versions
Nxp Kw35	All versions
Nxp Kw36	All versions
Nxp Kw37	All versions
Nxp Kw38	All versions
Nxp Kw39	All versions
Nxp Kw41z	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://asset-group.github.io/disclosures/sweyntooth/

Source: cve@mitre.org

ExploitThird Party Advisory

https://asset-group.github.io/disclosures/sweyntooth/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.