📦

cypress_bluetooth_mesh_software_development_kit

Vendor: infineon

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 2 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.11% Exploit Prob.

Latest CVE CVE-2022-31364 Feb 01

Security Vulnerability Index

Page 1 / 1

8.2 CVSS

CVE-2022-31364

RCE

Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN.

EPSS: 0.11%

Severity: HIGH

Feb 01, 2023

8.2 CVSS

CVE-2022-31363

RCE

Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU.

EPSS: 0.11%

Severity: HIGH

Feb 01, 2023

Displaying 2 of 2 Total Entries

Total 1 Sections