CVE-2022-31364: Buffer Overflow
First published: Wed Feb 01 2023(Updated: )
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Infineon Cypress Bluetooth Mesh Software Development Kit | =bsa0107_05.01.00-bx8-amesh-08 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-31364.
What is the severity of CVE-2022-31364?
The severity of CVE-2022-31364 is high with a CVSS score of 8.8.
What is the affected software in this vulnerability?
The affected software in this vulnerability is Infineon Cypress Bluetooth Mesh Software Development Kit (version bsa0107_05.01.00-bx8-amesh-08).
What is the impact of CVE-2022-31364?
The impact of CVE-2022-31364 is the ability to execute arbitrary code remotely.
Are there any references available for more information?
Yes, you can find more information about CVE-2022-31364 at this [link](https://docs.google.com/document/d/1tCJg1uBYtfx4SNvewWPNXd7PB6Z__iiG/edit).
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/infineon
- canonical/infineon cypress bluetooth mesh software development kit
- version/infineon cypress bluetooth mesh software development kit/bsa0107_05.01.00-bx8-amesh-08