CVE-2020-15531
https://notcve.org/view.php?id=CVE-2020-15531
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.
• https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_rce.py
• https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs
• https://www.blackhat.com/us-20/briefings/schedule/#finding-new-bluetooth-low-energy-exploits-via-reverse-engineering-multiple-vendors-firmwares-19655
• https://www.youtube.com/watch?v=saoTr1NwdzM
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-15532
https://notcve.org/view.php?id=CVE-2020-15532
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.
• https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_dos.py
• https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs
• https://www.blackhat.com/us-20/briefings/schedule/#finding-new-bluetooth-low-energy-exploits-via-reverse-engineering-multiple-vendors-firmwares-19655
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')