Description
The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://asset-group.github.io/disclosures/sweyntooth/
Scores
CVSS v3
6.5
EPSS
0.0104
EPSS Percentile
59.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (2)
st/bluenrg-2
< 1.3.1
st/wb55
< 1.3.1
Published
Feb 12, 2020
Tracked Since
Feb 18, 2026