CVE-2022-26527: Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow-1

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.


TVN ID

TVN-202205002

CVE ID

CVE-2022-26527

CVSS

6.5 (Medium)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Realtek Linux/Android Bluetooth Mesh SDK older than v4.17-4.17-20220127

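Description

Realtek Linux/Android Bluetooth Mesh SDK does not check the content of the index parameter of segmented packets, so unexpected packets are written to memory beyond the length of the pre-allocated buffer, resulting in a buffer overflow vulnerability. An attacker in the adjacent network can exploit this vulnerability without privileges to disrupt service.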

Solution

Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218

Vulnerability reporter

Realtek

Publication date

2022-08-30
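
The missing check named in the description, shown as an added example that is not Realtek's SDK code: a segment index taken from the packet places data in a pre-allocated reassembly buffer, first unchecked and then validated. All names and the sizes `SEG_SIZE` and `MAX_SEGS` are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define SEG_SIZE 12u /* assumed payload bytes per segment */
#define MAX_SEGS 8u  /* assumed number of segments the receiver pre-allocates */

struct reasm {
    uint8_t  buf[SEG_SIZE * MAX_SEGS]; /* pre-allocated reassembly buffer */
    uint32_t seen;                     /* bitmap of segments already stored */
    uint8_t  last_idx;                 /* index of the final segment */
};

/* Unchecked form of the bug class: idx and len come straight from the packet,
 * so idx >= MAX_SEGS or len > SEG_SIZE writes past the end of buf. */
void store_segment_unchecked(struct reasm *r, uint8_t idx, const uint8_t *data, size_t len)
{
    memcpy(r->buf + (size_t)idx * SEG_SIZE, data, len);
}

/* Hardened form: returns 0 when stored or ignored as duplicate, -1 when rejected. */
int store_segment(struct reasm *r, uint8_t idx, uint8_t last_idx,
                  const uint8_t *data, size_t len)
{
    if (last_idx >= MAX_SEGS || idx > last_idx) return -1; /* outside buffer */
    if (len == 0 || len > SEG_SIZE) return -1;             /* bad segment size */
    if (idx != last_idx && len != SEG_SIZE) return -1;     /* only last may be short */
    if (r->seen && r->last_idx != last_idx) return -1;     /* count changed mid-way */
    if (r->seen & (1u << idx)) return 0;                   /* duplicate, no rewrite */
    memcpy(r->buf + (size_t)idx * SEG_SIZE, data, len);
    r->last_idx = last_idx;
    r->seen |= 1u << idx;
    return 0;
}

/* Returns 1 once every segment 0..last_idx has been stored. */
int reasm_complete(const struct reasm *r)
{
    return r->seen != 0 && r->seen == (1u << (r->last_idx + 1u)) - 1u;
}

int main(void)
{
    struct reasm r = {0};
    uint8_t seg[SEG_SIZE] = {0};                            /* constructed payload */
    int rejected = store_segment(&r, 31, 1, seg, SEG_SIZE); /* index out of range */
    int accepted = store_segment(&r, 0, 1, seg, SEG_SIZE);
    return !(rejected == -1 && accepted == 0);
}
```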
