CVE-2022-26528
MEDIUMRealtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow
Title source: llmDescription
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-6458-5052f-1.html
Scores
CVSS v3
6.5
EPSS
0.0018
EPSS Percentile
38.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-120
Status
published
Products (1)
realtek/bluetooth_mesh_software_development_kit
< 4.17-4.17-20220127
Published
Aug 30, 2022
Tracked Since
Feb 18, 2026