CVE-2019-16336

MEDIUM Year: 2019
CVSS v3 Score
6.5
Medium
CVSS v2 Score
3.3
Low
Weakness Type
CWE-120
View all →

Vulnerability Description

The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame.

Related Vulnerabilities

CVE-2014-1617

MEDIUM
CVSS:6.5(Medium)

Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service.

CWE-1202014

CVE-2015-5745

MEDIUM
CVSS:6.5(Medium)

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control m...

CWE-1202015

CVE-2017-2633

MEDIUM
CVSS:6.5(Medium)

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_...

CWE-1202017

CVE-2018-14652

MEDIUM
CVSS:6.5(Medium)

The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' ...

CWE-1202018

CVE-2019-17060

MEDIUM
CVSS:6.5(Medium)

The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer head...

CWE-1202019

CVE-2019-17061

MEDIUM
CVSS:6.5(Medium)

The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a pa...

CWE-1202019