ID

VAR-202208-2314


CVE

CVE-2022-26529


TITLE

Classic buffer overflow vulnerability in Realtek Semiconductor Corp bluetooth mesh software development kit

Trust: 0.8

sources: JVNDB: JVNDB-2022-015791

DESCRIPTION

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation of the link parameter of segmented packets. An unauthenticated attacker on the adjacent network can exploit this vulnerability to cause a buffer overflow and disrupt service. The Realtek Semiconductor Corp bluetooth mesh software development kit contains a classic buffer overflow vulnerability. Service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2022-26529 // JVNDB: JVNDB-2022-015791

IOT TAXONOMY

category: ['network device'], sub_category: bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: realtek, model: bluetooth mesh software development kit, scope: lte, version: 4.17-4.17-20220127

Trust: 1.0

vendor: realtek semiconductor corp, model: bluetooth mesh software development kit, scope: -, version: -

Trust: 0.8

vendor: realtek semiconductor corp, model: bluetooth mesh software development kit, scope: lte, version: 4.17-4.17-20220127 and earlier

Trust: 0.8

vendor: realtek semiconductor corp, model: bluetooth mesh software development kit, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-015791 // NVD: CVE-2022-26529

CVSS

SEVERITY

CVSSV2

CVSSV3

twcert@cert.org.tw: CVE-2022-26529
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-015791
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202208-4423
value: MEDIUM

Trust: 0.6

twcert@cert.org.tw: CVE-2022-26529
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-015791
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-015791 // CNNVD: CNNVD-202208-4423 // NVD: CVE-2022-26529

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-015791 // NVD: CVE-2022-26529

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202208-4423

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-4423

PATCH

title: Realtek Linux/Android Bluetooth Mesh SDK Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206130

Trust: 0.6

sources: CNNVD: CNNVD-202208-4423

EXTERNAL IDS

db: NVD, id: CVE-2022-26529

Trust: 3.3

db: JVNDB, id: JVNDB-2022-015791

Trust: 0.8

db: CNNVD, id: CNNVD-202208-4423

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-015791 // CNNVD: CNNVD-202208-4423 // NVD: CVE-2022-26529

REFERENCES

url: https://www.twcert.org.tw/tw/cp-132-6459-09c82-1.html

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2022-26529

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-26529/

Trust: 0.6

url: https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-015791 // CNNVD: CNNVD-202208-4423 // NVD: CVE-2022-26529

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2022-015791
db: CNNVD, id: CNNVD-202208-4423
db: NVD, id: CVE-2022-26529

LAST UPDATE DATE

2025-01-30T21:15:06.539000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-015791, date: 2023-09-28T08:10:00
db: CNNVD, id: CNNVD-202208-4423, date: 2022-09-05T00:00:00
db: NVD, id: CVE-2022-26529, date: 2022-09-02T20:09:13.893

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-015791, date: 2023-09-28T00:00:00
db: CNNVD, id: CNNVD-202208-4423, date: 2022-08-30T00:00:00
db: NVD, id: CVE-2022-26529, date: 2022-08-30T05:15:07.907