Sign-up

ID

VAR-202004-0826


CVE

CVE-2019-13916


TITLE

Cypress WICED Studio Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015446

DESCRIPTION

An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6.2 CYW20735B1 and CYW20819A1. As a Bluetooth Low Energy (BLE) packet is received, it is copied into a Heap (ThreadX Block) buffer. The buffer allocated in dhmulp_getRxBuffer is four bytes too small to hold the maximum of 255 bytes plus headers. It is possible to corrupt a pointer in the linked list holding the free buffers of the g_mm_BLEDeviceToHostPool Block pool. This pointer can be fully controlled by overflowing with 3 bytes of packet data and the first byte of the packet CRC checksum. The checksum can be freely chosen by adapting the packet data accordingly. An attacker might be able to allocate the overwritten address as a receive buffer resulting in a write-what-where condition. This is fixed in BT SDK2.4 and BT SDK2.45. Cypress ( Old Broadcom) WICED Studio Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cypress Semiconductor WICED Studio is an Internet of Things (IoT) SDK (software development kit) that combines Wi-Fi and Bluetooth into a single integrated development environment by Cypress Semiconductor. There is a buffer error vulnerability in Cypress Semiconductor WICED Studio 6.2 version CYW20735B1 and CYW20819A1. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow

Trust: 2.7

sources: NVD: CVE-2019-13916 // JVNDB: JVNDB-2019-015446 // CNVD: CNVD-2020-22852 // CNNVD: CNNVD-202004-625

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

category:['other device']sub_category:general

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-22852

AFFECTED PRODUCTS

vendor:cypressmodel:wiced studioscope:eqversion:6.2

Trust: 1.8

vendor:cypressmodel:semiconductor wiced studio cyw20735b1scope:eqversion:6.2

Trust: 0.6

vendor:cypressmodel:semiconductor wiced studio cyw20819a1scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-22852 // JVNDB: JVNDB-2019-015446 // NVD: CVE-2019-13916

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13916
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015446
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-22852
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-625
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-13916
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015446
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-22852
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-13916
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015446
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22852 // JVNDB: JVNDB-2019-015446 // CNNVD: CNNVD-202004-625 // NVD: CVE-2019-13916

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-015446 // NVD: CVE-2019-13916

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-625

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-625

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015446

PATCH
title:Top Pageurl:https://www.cypress.com/
Trust: 0.8
title:Patch for Cypress Semiconductor WICED Studio buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/213851
Trust: 0.6
title:Cypress Semiconductor WICED Studio Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116833
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22852 // 
            
            
            
            JVNDB: JVNDB-2019-015446 // 
            
            
            
            CNNVD: CNNVD-202004-625

EXTERNAL IDS
db:NVDid:CVE-2019-13916
Trust: 3.1
db:JVNDBid:JVNDB-2019-015446
Trust: 0.8
db:CNVDid:CNVD-2020-22852
Trust: 0.6
db:CNNVDid:CNNVD-202004-625
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2020-22852 // 
            
            
            
            JVNDB: JVNDB-2019-015446 // 
            
            
            
            CNNVD: CNNVD-202004-625 // 
            
            
            
            NVD: CVE-2019-13916

REFERENCES
url:https://github.com/seemoo-lab/frankenstein/blob/master/doc/cve_2019_13916.md
Trust: 2.4
url:https://community.cypress.com/thread/53681
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-13916
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13916
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            JVNDB: JVNDB-2019-015446 // 
            
            
            
            CNNVD: CNNVD-202004-625 // 
            
            
            
            NVD: CVE-2019-13916

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2020-22852
db:JVNDBid:JVNDB-2019-015446
db:CNNVDid:CNNVD-202004-625
db:NVDid:CVE-2019-13916

LAST UPDATE DATE
2025-01-30T22:24:59.826000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-22852date:2020-04-15T00:00:00
db:JVNDBid:JVNDB-2019-015446date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-625date:2020-04-26T00:00:00
db:NVDid:CVE-2019-13916date:2024-11-21T04:25:41.560

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-22852date:2020-04-14T00:00:00
db:JVNDBid:JVNDB-2019-015446date:2020-05-20T00:00:00
db:CNNVDid:CNNVD-202004-625date:2020-04-13T00:00:00
db:NVDid:CVE-2019-13916date:2020-04-13T17:15:10.877