Vulnerabilities > CVE-2018-16986 - Out-of-bounds Write vulnerability in TI Ble-Stack
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 4 | |
Hardware | Ti
| 4 |
Common Weakness Enumeration (CWE)
The Hacker News
id | THN:8A584D8B16477D29452519523E98350A |
last seen | 2018-11-01 |
modified | 2018-11-01 |
published | 2018-11-01 |
reporter | The Hacker News |
source | https://thehackernews.com/2018/11/bluetooth-chip-hacking.html |
title | Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks |
References
- http://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/742827
- http://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/742827
- http://www.securityfocus.com/bid/105812
- http://www.securityfocus.com/bid/105812
- http://www.securitytracker.com/id/1042018
- http://www.securitytracker.com/id/1042018
- https://armis.com/bleedingbit/
- https://armis.com/bleedingbit/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap
- https://www.kb.cert.org/vuls/id/317277
- https://www.kb.cert.org/vuls/id/317277