CVE Vulnerability

CVE-2019-16336

The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame.

3.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.5 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.youtube.com/watch?v=Iw8sIBLWE_w Exploit Third Party Advisory
https://community.cypress.com/thread/48573 Vendor Advisory
https://asset-group.github.io/disclosures/sweyntooth/ Exploit Third Party Advisory
https://community.cypress.com/thread/53680 Vendor Advisory
Configurations

Configuration 1
Information

Published : 2020-02-12 06:15

Updated : 2022-01-01 07:51

NVD link : CVE-2019-16336

Mitre link : CVE-2019-16336

Products Affected

Cybl11573

Cypress

CWE
CWE-120