Vulnerabilities > CVE-2018-16986 - Out-of-bounds Write vulnerability in TI Ble-Stack 3.0.0
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 | |
| Hardware | Ti
| 4 |
Common Weakness Enumeration (CWE)
The Hacker News
| id | THN:8A584D8B16477D29452519523E98350A |
| last seen | 2018-11-01 |
| modified | 2018-11-01 |
| published | 2018-11-01 |
| reporter | The Hacker News |
| source | https://thehackernews.com/2018/11/bluetooth-chip-hacking.html |
| title | Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks |
References
- http://e2e.ti.com/support/wireless-connectivity/bluetooth/f/538/t/742827
- http://www.securityfocus.com/bid/105812
- http://www.securitytracker.com/id/1042018
- https://armis.com/bleedingbit/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap
- https://www.kb.cert.org/vuls/id/317277