CVE-2019-17517
MEDIUM
Dialog-semiconductor Software Development Kit - Buffer Overflow
Title source: rule
Description
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://www.dialog-semiconductor.com/products/connectivity/bluetooth-low-energy/smartbond-da14580-and-da14583
Third Party Advisory x_refsource_misc
https://asset-group.github.io/disclosures/sweyntooth/
Scores
CVSS v3
5.7
EPSS
0.0022
EPSS Percentile
44.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-120
Status
published
Products (1)
dialog-semiconductor/software_development_kit
< 5.0.4
Published
Feb 10, 2020
Tracked Since
Feb 18, 2026