// For flags

CVE-2019-16336

 

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame.

La implementación de Bluetooth Low Energy en el plugin Cypress PSoC 4 BLE versiones 3.61 y anteriores, procesa tramas de canal de datos con una longitud de carga útil mayor que el tamaño de carga útil RX máximo de la capa de enlace configurada, lo que permite a atacantes (dentro del radio de alcance) causar una denegación de servicio (bloqueo) por medio de una trama BLE Link Layer diseñado.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-09-15 CVE Reserved
  • 2020-02-12 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cypress
Search vendor "Cypress"
Cyble-416045
Search vendor "Cypress" for product "Cyble-416045"
<= 2.10
Search vendor "Cypress" for product "Cyble-416045" and version " <= 2.10"
-
Affected
in Cypress
Search vendor "Cypress"
Cyble-416045
Search vendor "Cypress" for product "Cyble-416045"
--
Safe
Cypress
Search vendor "Cypress"
Cybl11573
Search vendor "Cypress" for product "Cybl11573"
<= 3.61
Search vendor "Cypress" for product "Cybl11573" and version " <= 3.61"
-
Affected
in Cypress
Search vendor "Cypress"
Cybl11573
Search vendor "Cypress" for product "Cybl11573"
--
Safe