CVE-2019-16336 - OpenCVE

The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cypress	Cyble-416045 Cybl11573

Configuration 1 [-]

AND

cpe:2.3:a:cypress:cyble-416045:*:*:*:*:*:*:*:*

cpe:2.3:h:cypress:cyble-416045:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:cypress:cybl11573:*:*:*:*:*:*:*:*

cpe:2.3:h:cypress:cybl11573:-:*:*:*:*:*:*:*

References

Link	Resource
https://asset-group.github.io/disclosures/sweyntooth/	Exploit Third Party Advisory
https://community.cypress.com/thread/48573	Vendor Advisory
https://community.cypress.com/thread/53680	Vendor Advisory
https://www.youtube.com/watch?v=Iw8sIBLWE_w	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-12T17:59:37

Updated: 2020-04-13T14:59:37

Reserved: 2019-09-15T00:00:00

Link: CVE-2019-16336

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-12T18:15:10.393

Modified: 2022-01-01T19:51:57.407

Link: CVE-2019-16336

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-13T14:59:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://community.cypress.com/thread/48573"}, {"tags": ["x_refsource_MISC"], "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=Iw8sIBLWE_w"}, {"tags": ["x_refsource_MISC"], "url": "https://community.cypress.com/thread/53680"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16336", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://community.cypress.com/thread/48573", "refsource": "MISC", "url": "https://community.cypress.com/thread/48573"}, {"name": "https://asset-group.github.io/disclosures/sweyntooth/", "refsource": "MISC", "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"name": "https://www.youtube.com/watch?v=Iw8sIBLWE_w", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=Iw8sIBLWE_w"}, {"name": "https://community.cypress.com/thread/53680", "refsource": "MISC", "url": "https://community.cypress.com/thread/53680"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16336", "datePublished": "2020-02-12T17:59:37", "dateReserved": "2019-09-15T00:00:00", "dateUpdated": "2020-04-13T14:59:37", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cypress:cyble-416045:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCB98EF1-F8AF-40E9-9976-F6C69139BFD3", "versionEndIncluding": "2.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cypress:cyble-416045:-:*:*:*:*:*:*:*", "matchCriteriaId": "63B8873A-0D8A-4ADE-BB3A-267CF252CA73", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cypress:cybl11573:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CEE30B6-0B17-42F0-A958-4F9C253429D0", "versionEndIncluding": "3.61", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cypress:cybl11573:-:*:*:*:*:*:*:*", "matchCriteriaId": "712E6D55-CD62-4177-8FB1-F2E1C806CD0B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame."}, {"lang": "es", "value": "La implementaci\u00f3n de Bluetooth Low Energy en el plugin Cypress PSoC 4 BLE versiones 3.61 y anteriores, procesa tramas de canal de datos con una longitud de carga \u00fatil mayor que el tama\u00f1o de carga \u00fatil RX m\u00e1ximo de la capa de enlace configurada, lo que permite a atacantes (dentro del radio de alcance) causar una denegaci\u00f3n de servicio (bloqueo) por medio de una trama BLE Link Layer dise\u00f1ado."}], "id": "CVE-2019-16336", "lastModified": "2022-01-01T19:51:57.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-12T18:15:10.393", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.cypress.com/thread/48573"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.cypress.com/thread/53680"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=Iw8sIBLWE_w"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}