CVE-2019-16336 - OpenCVE

The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cypress	Cybl11573 Cyble-416045

Configuration 1 [-]

AND

cpe:2.3:a:cypress:cyble-416045:*:*:*:*:*:*:*:*

cpe:2.3:h:cypress:cyble-416045:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:cypress:cybl11573:*:*:*:*:*:*:*:*

cpe:2.3:h:cypress:cybl11573:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://asset-group.github.io/disclosures/sweyntooth/
https://community.cypress.com/thread/48573
https://community.cypress.com/thread/53680
https://www.youtube.com/watch?v=Iw8sIBLWE_w

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-12T17:59:37

Updated: 2024-08-05T01:10:41.667Z

Reserved: 2019-09-15T00:00:00

Link: CVE-2019-16336

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-02-12T18:15:10.393

Modified: 2022-01-01T19:51:57.407

Link: CVE-2019-16336

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-13T14:59:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://community.cypress.com/thread/48573"}, {"tags": ["x_refsource_MISC"], "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=Iw8sIBLWE_w"}, {"tags": ["x_refsource_MISC"], "url": "https://community.cypress.com/thread/53680"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16336", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://community.cypress.com/thread/48573", "refsource": "MISC", "url": "https://community.cypress.com/thread/48573"}, {"name": "https://asset-group.github.io/disclosures/sweyntooth/", "refsource": "MISC", "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"name": "https://www.youtube.com/watch?v=Iw8sIBLWE_w", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=Iw8sIBLWE_w"}, {"name": "https://community.cypress.com/thread/53680", "refsource": "MISC", "url": "https://community.cypress.com/thread/53680"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:10:41.667Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.cypress.com/thread/48573"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=Iw8sIBLWE_w"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.cypress.com/thread/53680"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16336", "datePublished": "2020-02-12T17:59:37", "dateReserved": "2019-09-15T00:00:00", "dateUpdated": "2024-08-05T01:10:41.667Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cypress:cyble-416045:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCB98EF1-F8AF-40E9-9976-F6C69139BFD3", "versionEndIncluding": "2.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cypress:cyble-416045:-:*:*:*:*:*:*:*", "matchCriteriaId": "63B8873A-0D8A-4ADE-BB3A-267CF252CA73", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cypress:cybl11573:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CEE30B6-0B17-42F0-A958-4F9C253429D0", "versionEndIncluding": "3.61", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cypress:cybl11573:-:*:*:*:*:*:*:*", "matchCriteriaId": "712E6D55-CD62-4177-8FB1-F2E1C806CD0B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame."}, {"lang": "es", "value": "La implementaci\u00f3n de Bluetooth Low Energy en el plugin Cypress PSoC 4 BLE versiones 3.61 y anteriores, procesa tramas de canal de datos con una longitud de carga \u00fatil mayor que el tama\u00f1o de carga \u00fatil RX m\u00e1ximo de la capa de enlace configurada, lo que permite a atacantes (dentro del radio de alcance) causar una denegaci\u00f3n de servicio (bloqueo) por medio de una trama BLE Link Layer dise\u00f1ado."}], "id": "CVE-2019-16336", "lastModified": "2022-01-01T19:51:57.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-12T18:15:10.393", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://asset-group.github.io/disclosures/sweyntooth/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.cypress.com/thread/48573"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.cypress.com/thread/53680"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=Iw8sIBLWE_w"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}