CVE-2019-17519

HIGH

NXP Mcuxpresso Software Development Kit < 2.2.1 - Buffer Overflow


Description

The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet.

References (1)

Core References
https://asset-group.github.io/disclosures/sweyntooth/ (Exploit, Third Party Advisory; x_refsource_misc)

Scores

CVSS v3: 8.8
EPSS: 0.0008
EPSS Percentile: 22.9%
Attack Vector: ADJACENT_NETWORK
Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-120
Status: published
Products (1): nxp/mcuxpresso_software_development_kit < 2.2.1
Published: Feb 12, 2020
Tracked Since: Feb 18, 2026