Vulnerabilities > CVE-2022-31363 - Out-of-bounds Write vulnerability in Infineon Cypress Bluetooth Mesh Software Development KIT Bsa010705.01.00Bx8Amesh08

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

infineon

CWE-787

NVD

Published: 2023-02-01

Updated: 2023-02-09

Summary

Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU.

Vulnerable Configurations

Part	Description	Count
Application	Infineon Infineon Cypress Bluetooth Mesh Software Development KIT Bsa0107_05.01.00-Bx8-Amesh-08	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://docs.google.com/document/d/1iSZze8Ig6HZVsrldmXw0bibZLGMMTU5w/edit