Details of VAR-202208-2216

ID

VAR-202208-2216

CVE

CVE-2022-25635

TITLE

Realtek Semiconductor Corp of bluetooth mesh software development kit Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015797

DESCRIPTION

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service. Realtek Semiconductor Corp of bluetooth mesh software development kit Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-25635 // JVNDB: JVNDB-2022-015797

IOT TAXONOMY

category:

['network device']

sub_category:

bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	realtek	model:	bluetooth mesh software development kit	scope:	lte	version:	4.17-4.17-20220127	Trust: 1.0
vendor:	realtek semiconductor corp	model:	bluetooth mesh software development kit	scope:	-	version:	-	Trust: 0.8
vendor:	realtek semiconductor corp	model:	bluetooth mesh software development kit	scope:	lte	version:	4.17-4.17-20220127 and earlier	Trust: 0.8
vendor:	realtek semiconductor corp	model:	bluetooth mesh software development kit	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-015797 // NVD: CVE-2022-25635

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25635
value:	MEDIUM
Trust: 1.0
twcert@cert.org.tw:	CVE-2022-25635
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-25635
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202208-4427
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-25635
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-25635
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015797 // CNNVD: CNNVD-202208-4427 // NVD: CVE-2022-25635 // NVD: CVE-2022-25635

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-015797 // NVD: CVE-2022-25635

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202208-4427

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-4427

PATCH

title:

Realtek Linux/Android Bluetooth Mesh SDK Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206427

Trust: 0.6

sources: CNNVD: CNNVD-202208-4427

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25635	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-015797	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-4427	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-015797 // CNNVD: CNNVD-202208-4427 // NVD: CVE-2022-25635

REFERENCES

url:	https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25635	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-25635/	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-015797 // CNNVD: CNNVD-202208-4427 // NVD: CVE-2022-25635

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2022-015797
db:	CNNVD	id:	CNNVD-202208-4427
db:	NVD	id:	CVE-2022-25635

LAST UPDATE DATE

2025-01-30T20:07:45.561000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-015797	date:	2023-09-28T08:10:00
db:	CNNVD	id:	CNNVD-202208-4427	date:	2022-09-02T00:00:00
db:	NVD	id:	CVE-2022-25635	date:	2022-09-01T20:41:53.687

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-015797	date:	2023-09-28T00:00:00
db:	CNNVD	id:	CNNVD-202208-4427	date:	2022-08-30T00:00:00
db:	NVD	id:	CVE-2022-25635	date:	2022-08-30T05:15:07.437