Vulnerability Description
The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cypress | Cyble-416045 | <= 2.10 |
| Cypress | Cybl11573 | <= 3.61 |
Related Weaknesses (CWE)
References
- https://asset-group.github.io/disclosures/sweyntooth/ (Exploit, Third Party Advisory)
- https://community.cypress.com/thread/48573 (Vendor Advisory)
- https://community.cypress.com/thread/53680 (Vendor Advisory)
- https://www.youtube.com/watch?v=Iw8sIBLWE_w (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-16336?
CVE-2019-16336 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload si...
How severe is CVE-2019-16336?
CVE-2019-16336 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-16336?
Check the references section above for vendor advisories and patch information. Affected products include: Cypress Cyble-416045, Cypress Cybl11573.