Headline
CVE-2022-26528: Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow-2
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
:::
- 首頁
- 資安服務
- 台灣漏洞揭露平台 (TVN)
- TVN (Taiwan Vulnerability Note) 漏洞公告
TVN ID
TVN-202205003
CVE ID
CVE-2022-26528
CVSS
6.5 (Medium)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
影響產品
Realtek Linux/Android Bluetooth Mesh SDK older than v4.17-4.17-20220127
問題描述
Realtek Linux/Android Bluetooth Mesh SDK未對segmented packets之位移參數進行檢查,導致封包寫入超過buffer長度的位址,造成Buffer Overflow漏洞。相鄰網路內的攻擊者不須權限,即可利用該漏洞中斷服務。
解決方法
Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218
漏洞通報者
Realtek
公開日期
2022-08-30