1 results (0.002 seconds)
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-13916
https://notcve.org/view.php?id=CVE-2019-13916
13 Apr 2020 — An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6.2 CYW20735B1 and CYW20819A1. As a Bluetooth Low Energy (BLE) packet is received, it is copied into a Heap (ThreadX Block) buffer. The buffer allocated in dhmulp_getRxBuffer is four bytes too small to hold the maximum of 255 bytes plus headers. It is possible to corrupt a pointer in the linked list holding the free buffers of the g_mm_BLEDeviceToHostPool Block pool. This pointer can be fully controlled by overflowing with 3 bytes of packet... • https://community.cypress.com/thread/53681 • CWE-787: Out-of-bounds Write •