Search criteria
12 vulnerabilities found for bluetooth_mesh_software_development_kit by realtek
FKIE_CVE-2022-26527
Vulnerability from fkie_nvd - Published: 2022-08-30 05:15 - Updated: 2024-11-21 06:54
Severity
Summary
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
References
| URL | Tags | ||
|---|---|---|---|
| twcert@cert.org.tw | https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realtek | bluetooth_mesh_software_development_kit | * | |
| android | - | ||
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realtek:bluetooth_mesh_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63ABFA90-24E0-4607-BB05-90ECA0A7639C",
"versionEndIncluding": "4.17-4.17-20220127",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets\u2019 reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
},
{
"lang": "es",
"value": "Realtek Linux/Android Bluetooth Mesh SDK presenta una vulnerabilidad de desbordamiento de b\u00fafer debido a que no es comprobado suficientemente el tama\u00f1o del par\u00e1metro de referencia de los paquetes segmentados. Un atacante no autenticado en la red adyacente puede aprovechar esta vulnerabilidad para causar un desbordamiento del b\u00fafer e interrumpir el servicio"
}
],
"id": "CVE-2022-26527",
"lastModified": "2024-11-21T06:54:06.977",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
}
]
},
"published": "2022-08-30T05:15:07.783",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-25635
Vulnerability from fkie_nvd - Published: 2022-08-30 05:15 - Updated: 2024-11-21 06:52
Severity
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service.
References
| URL | Tags | ||
|---|---|---|---|
| twcert@cert.org.tw | https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realtek | bluetooth_mesh_software_development_kit | * | |
| android | - | ||
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realtek:bluetooth_mesh_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63ABFA90-24E0-4607-BB05-90ECA0A7639C",
"versionEndIncluding": "4.17-4.17-20220127",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service."
},
{
"lang": "es",
"value": "Realtek Linux/Android Bluetooth Mesh SDK presenta una vulnerabilidad de desbordamiento de b\u00fafer debido a que no es comprobado suficientemente la longitud de los paquetes de red de difusi\u00f3n. Un atacante no autenticado en la red adyacente puede explotar esta vulnerabilidad para interrumpir el servicio"
}
],
"id": "CVE-2022-25635",
"lastModified": "2024-11-21T06:52:28.903",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-30T05:15:07.437",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-26528
Vulnerability from fkie_nvd - Published: 2022-08-30 05:15 - Updated: 2024-11-21 06:54
Severity
Summary
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
References
| URL | Tags | ||
|---|---|---|---|
| twcert@cert.org.tw | https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realtek | bluetooth_mesh_software_development_kit | * | |
| android | - | ||
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realtek:bluetooth_mesh_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63ABFA90-24E0-4607-BB05-90ECA0A7639C",
"versionEndIncluding": "4.17-4.17-20220127",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets\u2019 shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
},
{
"lang": "es",
"value": "Realtek Linux/Android Bluetooth Mesh SDK presenta una vulnerabilidad de desbordamiento de b\u00fafer debido a una comprobaci\u00f3n insuficiente de la longitud del par\u00e1metro de desplazamiento de los paquetes segmentados. Un atacante no autenticado en la red adyacente puede aprovechar esta vulnerabilidad para causar un desbordamiento del b\u00fafer e interrumpir el servicio"
}
],
"id": "CVE-2022-26528",
"lastModified": "2024-11-21T06:54:07.097",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
}
]
},
"published": "2022-08-30T05:15:07.847",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-26529
Vulnerability from fkie_nvd - Published: 2022-08-30 05:15 - Updated: 2024-11-21 06:54
Severity
Summary
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
References
| URL | Tags | ||
|---|---|---|---|
| twcert@cert.org.tw | https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realtek | bluetooth_mesh_software_development_kit | * | |
| android | - | ||
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realtek:bluetooth_mesh_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63ABFA90-24E0-4607-BB05-90ECA0A7639C",
"versionEndIncluding": "4.17-4.17-20220127",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets\u2019 link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
},
{
"lang": "es",
"value": "Realtek Linux/Android Bluetooth Mesh SDK presenta una vulnerabilidad de desbordamiento de b\u00fafer debido a que no se comprueba suficientemente el par\u00e1metro de enlace de los paquetes segmentados. Un atacante no autenticado en la red adyacente puede explotar esta vulnerabilidad para causar un desbordamiento del b\u00fafer e interrumpir el servicio"
}
],
"id": "CVE-2022-26529",
"lastModified": "2024-11-21T06:54:07.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
}
]
},
"published": "2022-08-30T05:15:07.907",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-26529 (GCVE-0-2022-26529)
Vulnerability from cvelistv5 – Published: 2022-08-30 04:25 – Updated: 2024-09-17 01:46
VLAI
Title
Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow
Summary
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
Severity
6.5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Realtek | Linux/Android Bluetooth Mesh SDK |
Affected:
unspecified , ≤ 4.17-4.17-20220127
(custom)
|
Date Public
2022-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:33.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux/Android Bluetooth Mesh SDK",
"vendor": "Realtek",
"versions": [
{
"lessThanOrEqual": "4.17-4.17-20220127",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets\u2019 link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T04:25:26.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205004",
"discovery": "EXTERNAL"
},
"title": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-30T04:02:00.000Z",
"ID": "CVE-2022-26529",
"STATE": "PUBLIC",
"TITLE": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux/Android Bluetooth Mesh SDK",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.17-4.17-20220127"
}
]
}
}
]
},
"vendor_name": "Realtek"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets\u2019 link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205004",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-26529",
"datePublished": "2022-08-30T04:25:26.637Z",
"dateReserved": "2022-03-07T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:46:15.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26528 (GCVE-0-2022-26528)
Vulnerability from cvelistv5 – Published: 2022-08-30 04:25 – Updated: 2024-09-16 20:27
VLAI
Title
Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow
Summary
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
Severity
6.5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Realtek | Linux/Android Bluetooth Mesh SDK |
Affected:
unspecified , ≤ 4.17-4.17-20220127
(custom)
|
Date Public
2022-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux/Android Bluetooth Mesh SDK",
"vendor": "Realtek",
"versions": [
{
"lessThanOrEqual": "4.17-4.17-20220127",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets\u2019 shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T04:25:25.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205003",
"discovery": "EXTERNAL"
},
"title": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-30T04:02:00.000Z",
"ID": "CVE-2022-26528",
"STATE": "PUBLIC",
"TITLE": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux/Android Bluetooth Mesh SDK",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.17-4.17-20220127"
}
]
}
}
]
},
"vendor_name": "Realtek"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets\u2019 shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-26528",
"datePublished": "2022-08-30T04:25:25.740Z",
"dateReserved": "2022-03-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:27:50.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25635 (GCVE-0-2022-25635)
Vulnerability from cvelistv5 – Published: 2022-08-30 04:25 – Updated: 2024-09-16 16:44
VLAI
Title
Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow
Summary
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service.
Severity
6.5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Realtek | Linux/Android Bluetooth Mesh SDK |
Affected:
unspecified , ≤ 4.17-4.17-20220127
(custom)
|
Date Public
2022-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:42:50.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux/Android Bluetooth Mesh SDK",
"vendor": "Realtek",
"versions": [
{
"lessThanOrEqual": "4.17-4.17-20220127",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T04:25:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205001",
"discovery": "EXTERNAL"
},
"title": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-30T03:58:00.000Z",
"ID": "CVE-2022-25635",
"STATE": "PUBLIC",
"TITLE": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux/Android Bluetooth Mesh SDK",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.17-4.17-20220127"
}
]
}
}
]
},
"vendor_name": "Realtek"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205001",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-25635",
"datePublished": "2022-08-30T04:25:24.051Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:44:07.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26527 (GCVE-0-2022-26527)
Vulnerability from cvelistv5 – Published: 2022-08-30 04:25 – Updated: 2024-09-16 17:02
VLAI
Title
Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow
Summary
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
Severity
6.5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Realtek | Linux/Android Bluetooth Mesh SDK |
Affected:
unspecified , ≤ 4.17-4.17-20220127
(custom)
|
Date Public
2022-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux/Android Bluetooth Mesh SDK",
"vendor": "Realtek",
"versions": [
{
"lessThanOrEqual": "4.17-4.17-20220127",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets\u2019 reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T04:25:24.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205002",
"discovery": "EXTERNAL"
},
"title": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-30T04:01:00.000Z",
"ID": "CVE-2022-26527",
"STATE": "PUBLIC",
"TITLE": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux/Android Bluetooth Mesh SDK",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.17-4.17-20220127"
}
]
}
}
]
},
"vendor_name": "Realtek"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets\u2019 reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205002",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-26527",
"datePublished": "2022-08-30T04:25:24.948Z",
"dateReserved": "2022-03-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:02:52.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26529 (GCVE-0-2022-26529)
Vulnerability from nvd – Published: 2022-08-30 04:25 – Updated: 2024-09-17 01:46
VLAI
Title
Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow
Summary
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
Severity
6.5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Realtek | Linux/Android Bluetooth Mesh SDK |
Affected:
unspecified , ≤ 4.17-4.17-20220127
(custom)
|
Date Public
2022-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:33.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux/Android Bluetooth Mesh SDK",
"vendor": "Realtek",
"versions": [
{
"lessThanOrEqual": "4.17-4.17-20220127",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets\u2019 link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T04:25:26.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205004",
"discovery": "EXTERNAL"
},
"title": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-30T04:02:00.000Z",
"ID": "CVE-2022-26529",
"STATE": "PUBLIC",
"TITLE": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux/Android Bluetooth Mesh SDK",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.17-4.17-20220127"
}
]
}
}
]
},
"vendor_name": "Realtek"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets\u2019 link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205004",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-26529",
"datePublished": "2022-08-30T04:25:26.637Z",
"dateReserved": "2022-03-07T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:46:15.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26528 (GCVE-0-2022-26528)
Vulnerability from nvd – Published: 2022-08-30 04:25 – Updated: 2024-09-16 20:27
VLAI
Title
Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow
Summary
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
Severity
6.5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Realtek | Linux/Android Bluetooth Mesh SDK |
Affected:
unspecified , ≤ 4.17-4.17-20220127
(custom)
|
Date Public
2022-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux/Android Bluetooth Mesh SDK",
"vendor": "Realtek",
"versions": [
{
"lessThanOrEqual": "4.17-4.17-20220127",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets\u2019 shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T04:25:25.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205003",
"discovery": "EXTERNAL"
},
"title": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-30T04:02:00.000Z",
"ID": "CVE-2022-26528",
"STATE": "PUBLIC",
"TITLE": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux/Android Bluetooth Mesh SDK",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.17-4.17-20220127"
}
]
}
}
]
},
"vendor_name": "Realtek"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets\u2019 shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-26528",
"datePublished": "2022-08-30T04:25:25.740Z",
"dateReserved": "2022-03-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:27:50.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25635 (GCVE-0-2022-25635)
Vulnerability from nvd – Published: 2022-08-30 04:25 – Updated: 2024-09-16 16:44
VLAI
Title
Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow
Summary
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service.
Severity
6.5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Realtek | Linux/Android Bluetooth Mesh SDK |
Affected:
unspecified , ≤ 4.17-4.17-20220127
(custom)
|
Date Public
2022-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:42:50.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux/Android Bluetooth Mesh SDK",
"vendor": "Realtek",
"versions": [
{
"lessThanOrEqual": "4.17-4.17-20220127",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T04:25:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205001",
"discovery": "EXTERNAL"
},
"title": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-30T03:58:00.000Z",
"ID": "CVE-2022-25635",
"STATE": "PUBLIC",
"TITLE": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux/Android Bluetooth Mesh SDK",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.17-4.17-20220127"
}
]
}
}
]
},
"vendor_name": "Realtek"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205001",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-25635",
"datePublished": "2022-08-30T04:25:24.051Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:44:07.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26527 (GCVE-0-2022-26527)
Vulnerability from nvd – Published: 2022-08-30 04:25 – Updated: 2024-09-16 17:02
VLAI
Title
Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow
Summary
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
Severity
6.5 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Realtek | Linux/Android Bluetooth Mesh SDK |
Affected:
unspecified , ≤ 4.17-4.17-20220127
(custom)
|
Date Public
2022-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux/Android Bluetooth Mesh SDK",
"vendor": "Realtek",
"versions": [
{
"lessThanOrEqual": "4.17-4.17-20220127",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets\u2019 reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T04:25:24.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205002",
"discovery": "EXTERNAL"
},
"title": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-08-30T04:01:00.000Z",
"ID": "CVE-2022-26527",
"STATE": "PUBLIC",
"TITLE": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux/Android Bluetooth Mesh SDK",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.17-4.17-20220127"
}
]
}
}
]
},
"vendor_name": "Realtek"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets\u2019 reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
}
],
"source": {
"advisory": "TVN-202205002",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-26527",
"datePublished": "2022-08-30T04:25:24.948Z",
"dateReserved": "2022-03-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:02:52.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}