CVE-2019-17061: Buffer Overflow
First published: Mon Feb 10 2020(Updated: )
The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cypress Psoc 4 Ble | <=3.62 | |
| Cypress PSoC 4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-17061?
CVE-2019-17061 is a vulnerability in the Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices.
What is the severity of CVE-2019-17061?
CVE-2019-17061 has a severity rating of 6.5 (Medium).
How does CVE-2019-17061 impact Cypress PSoC 4 Ble devices?
CVE-2019-17061 allows attackers within radio range to cause denial of service or execute arbitrary code on Cypress PSoC 4 Ble devices.
What is the affected software by CVE-2019-17061?
The affected software by CVE-2019-17061 is Cypress PSoC 4 Ble with version up to and including 3.62.
How can I fix CVE-2019-17061?
To fix CVE-2019-17061, it is recommended to update the Cypress PSoC 4 Ble devices to a patched version provided by Cypress.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/cypress
- canonical/cypress psoc 4 ble
- version/cypress psoc 4 ble/3.62
- canonical/cypress psoc 4