Vulnerabilities > Cypress

DATE CVE VULNERABILITY TITLE RISK
2021-09-07 CVE-2021-34145 Unspecified vulnerability in Cypress Wireless Internet Connectivity for Embedded Devices 2.9.0
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.
high complexity
cypress
5.3
2021-09-07 CVE-2021-34146 Unspecified vulnerability in Cypress Cyw20735B1 Firmware and Cyw920735Q60Evb-01 Firmware
The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.
low complexity
cypress
6.5
2021-09-07 CVE-2021-34147 Unspecified vulnerability in Cypress Wireless Internet Connectivity for Embedded Devices 2.9.0
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress.
low complexity
cypress
6.5
2021-09-07 CVE-2021-34148 Unspecified vulnerability in Cypress Wireless Internet Connectivity for Embedded Devices 2.9.0
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.
low complexity
cypress
6.5
2020-06-16 CVE-2019-18614 Out-of-bounds Write vulnerability in Cypress Cyw20735 Firmware
On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow.
local
low complexity
cypress CWE-787
7.8
2020-06-09 CVE-2020-11957 Insufficient Entropy vulnerability in Cypress Psoc 4.2 BLE
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing.
high complexity
cypress CWE-331
7.5
2020-04-13 CVE-2019-13916 Out-of-bounds Write vulnerability in Cypress Wiced Studio 6.2
An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6.2 CYW20735B1 and CYW20819A1.
low complexity
cypress CWE-787
8.8
2020-02-12 CVE-2019-16336 Classic Buffer Overflow vulnerability in Cypress Cybl11573 and Cyble-416045
The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame.
low complexity
cypress CWE-120
6.5
2020-02-10 CVE-2019-17061 Classic Buffer Overflow vulnerability in Cypress Psoc 4 BLE 3.62
The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero.
low complexity
cypress CWE-120
6.5
2019-06-07 CVE-2018-19860 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
low complexity
broadcom cypress CWE-732
8.8