CVE-2019-17520
MEDIUM
TI CC2640R2 Software Development Kit < 3.30.00.20 - Buffer Overflow
The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.
References (3)
Core References
Product, Vendor Advisory x_refsource_misc
http://www.ti.com/tool/LAUNCHXL-CC2640R2
Third Party Advisory x_refsource_misc
https://asset-group.github.io/disclosures/sweyntooth/
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=Iw8sIBLWE_w
Scores
CVSS v3
6.5
EPSS
0.0015
EPSS Percentile
35.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-120
Status
published
Products (1)
ti/cc2640r2_software_development_kit
< 3.30.00.20
Published
Feb 10, 2020
Tracked Since
Feb 18, 2026