CVE-2019-19193
https://notcve.org/view.php?id=CVE-2019-19193
The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. La implementación periférica de Bluetooth Low Energy en Texas Instruments SIMPLELINK-CC2640R2-SDK versiones hasta 3.30.00.20 y BLE-STACK versiones hasta 1.5.0 anteriores a Q4 2019 para dispositivos CC2640R2 y CC2540/1 no restringe apropiadamente el paquete de petición de conexión de publicidad en la recepción, permitiendo a atacantes dentro del radio de alcance para causar una denegación de servicio (bloqueo) por medio de un paquete diseñado. • http://www.ti.com/tool/BLE-STACK https://asset-group.github.io/disclosures/sweyntooth •
CVE-2018-16986
https://notcve.org/view.php?id=CVE-2018-16986
Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow. Texas Instruments BLE-STACK v2.2.1 para dispositivos SimpleLink CC2640 y CC2650 provoca que atacantes remotos ejecuten código arbitrario mediante un paquete mal formado que desencadena un desbordamiento de búfer. • http://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/742827 http://www.securityfocus.com/bid/105812 http://www.securitytracker.com/id/1042018 https://armis.com/bleedingbit https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap https://www.kb.cert.org/vuls/id/317277 • CWE-787: Out-of-bounds Write •