Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-19192

The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets.

Published

2020-02-12T19:15:14.110

Last Modified

2024-11-21T04:34:17.740

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:N/I:N/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

6.5

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	st	wb55	≤ 1.3.1	Yes
Hardware	st	wb55	-	No
Application	st	bluenrg-2	≤ 1.3.1	Yes
Hardware	st	bluenrg-2	-	No

References

https://asset-group.github.io/disclosures/sweyntooth/ Exploit, Third Party Advisory ([email protected])
https://asset-group.github.io/disclosures/sweyntooth/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)