← Retour aux CVEs
CVE-2022-31363
HIGH8.2
Description
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU.
Details CVE
Score CVSS v3.18.2
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Vecteur d'attaqueADJACENT_NETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie2/1/2023
Derniere modification3/27/2025
Sourcenvd
Observations honeypot0
Produits affectes
infineon:cypress_bluetooth_mesh_software_development_kit
Faiblesses (CWE)
CWE-787CWE-787
References
https://docs.google.com/document/d/1iSZze8Ig6HZVsrldmXw0bibZLGMMTU5w/edit(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.