5 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-31363

https://notcve.org/view.php?id=CVE-2022-31363

Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU. • https://docs.google.com/document/d/1iSZze8Ig6HZVsrldmXw0bibZLGMMTU5w/edit • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-31364

https://notcve.org/view.php?id=CVE-2022-31364

Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN. • https://docs.google.com/document/d/1tCJg1uBYtfx4SNvewWPNXd7PB6Z__iiG/edit • CWE-787: Out-of-bounds Write •

CVSS: 5.9EPSS: 0%CPEs: 131EXPL: 3

CVE-2017-15361

https://notcve.org/view.php?id=CVE-2017-15361

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. La librería Infineon RSA 1.02.013 en firmware Infineon Trusted Platform Module (TPM) como las versiones anteriores a la 0000000000000422 - 4.34, anteriores a la 000000000000062b - 6.43 y anteriores a la 0000000000008521 - 133.33, gestiona de manera incorrecta la generación de claves RSA, lo que hace que sea más fácil para los atacantes superar varios mecanismos de protección criptográfica mediante ataques dirigidos, conocido como ROCA. Ejemplos de las tecnologías afectadas son BitLocker con TPM 1.2, la generación de claves PGP con YubiKey 4 (en versiones anteriores a la 4.3.5) y la característica de cifrado Cached User Data en Chrome OS. • https://github.com/nsacyber/Detect-CVE-2017-15361-TPM https://github.com/lva/Infineon-CVE-2017-15361 https://github.com/Elbarbons/ROCA-attack-on-vulnerability-CVE-2017-15361 http://support.lenovo.com/us/en/product_security/LEN-15552 http://www.securityfocus.com/bid/101484 https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids https://blog.cr.yp.to/20171105-infineon.html https://cert-portal.siemens.com/productcert/pdf •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-9647

https://notcve.org/view.php?id=CVE-2017-9647

A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU. Se ha descubierto un problema de desbordamiento de búfer basado en pila en el conjunto de chips Continental AG Infineon S-Gold 2 (PMB 8876) presente en varios modelos de BMW producidos entre 2009-2010, un número limitado de vehículos P-HEV de Ford, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, y Nissan 2011-2015 Leaf. Un atacante con conexión física con el TCU podría explotar un problema de desbordamiento de búfer que existe en el procesamiento de comandos AT. • http://www.securityfocus.com/bid/100132 https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-9633

https://notcve.org/view.php?id=CVE-2017-9633

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU. Se ha descubierto un problema de restricción de operaciones incorrecta dentro de los límites de búfer de la memoria en el conjunto de chips Continental AG Infineon S-Gold 2 (PMB 8876) presente en varios modelos de BMW producidos entre 2009-2010, un número limitado de vehículos P-HEV de Ford, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, y Nissan 2011-2015 Leaf. Una vulnerabilidad en el campo Temporary Mobile Subscriber Identity (TMSI) podría permitir que un atacante tuviese el acceso y el control de la memoria. • http://www.securityfocus.com/bid/100132 https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •