CVE-2019-19192

Published: Feb 12, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets.

Affected (2)

Products: St: Wb55, Bluenrg 2

2 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
St Wb55	Up to 1.3.1

Running on/with	Platform Versions
St Wb55	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
St Bluenrg 2	Up to 1.3.1

Running on/with	Platform Versions
St Bluenrg 2	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://asset-group.github.io/disclosures/sweyntooth/

Source: cve@mitre.org

ExploitThird Party Advisory

https://asset-group.github.io/disclosures/sweyntooth/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.