ID

VAR-202208-2358


CVE

CVE-2022-26527


TITLE

Classic buffer overflow vulnerability in Realtek Semiconductor Corp bluetooth mesh software development kit

Trust: 0.8

sources: JVNDB: JVNDB-2022-015793

DESCRIPTION

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation of the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause a buffer overflow and disrupt service. A classic buffer overflow vulnerability exists in the Realtek Semiconductor Corp bluetooth mesh software development kit. It may result in service operation interruption (DoS).

Trust: 1.62

sources: NVD: CVE-2022-26527 // JVNDB: JVNDB-2022-015793

IOT TAXONOMY

category: ['network device'], sub_category: bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: realtek, model: bluetooth mesh software development kit, scope: lte, version: 4.17-4.17-20220127

Trust: 1.0

vendor: realtek semiconductor corp, model: bluetooth mesh software development kit, scope: -, version: -

Trust: 0.8

vendor: realtek semiconductor corp, model: bluetooth mesh software development kit, scope: lte, version: 4.17-4.17-20220127 and earlier

Trust: 0.8

vendor: realtek semiconductor corp, model: bluetooth mesh software development kit, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-015793 // NVD: CVE-2022-26527

CVSS

SEVERITY

twcert@cert.org.tw: CVE-2022-26527
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-015793
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202208-4424
value: MEDIUM

Trust: 0.6

CVSSV2

CVSSV3

twcert@cert.org.tw: CVE-2022-26527
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-015793
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-015793 // CNNVD: CNNVD-202208-4424 // NVD: CVE-2022-26527

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-015793 // NVD: CVE-2022-26527

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202208-4424

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-4424

PATCH

title: Realtek Linux/Android Bluetooth Mesh SDK Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206131

Trust: 0.6

sources: CNNVD: CNNVD-202208-4424

EXTERNAL IDS

db: NVD, id: CVE-2022-26527

Trust: 3.3

db: JVNDB, id: JVNDB-2022-015793

Trust: 0.8

db: CNNVD, id: CNNVD-202208-4424

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-015793 // CNNVD: CNNVD-202208-4424 // NVD: CVE-2022-26527

REFERENCES

url:https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-26527

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-26527/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-015793 // CNNVD: CNNVD-202208-4424 // NVD: CVE-2022-26527

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2022-015793
db: CNNVD, id: CNNVD-202208-4424
db: NVD, id: CVE-2022-26527

LAST UPDATE DATE

2025-01-30T22:05:22.705000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-015793, date: 2023-09-28T08:10:00
db: CNNVD, id: CNNVD-202208-4424, date: 2022-09-05T00:00:00
db: NVD, id: CVE-2022-26527, date: 2022-09-02T20:19:41.113

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-015793, date: 2023-09-28T00:00:00
db: CNNVD, id: CNNVD-202208-4424, date: 2022-08-30T00:00:00
db: NVD, id: CVE-2022-26527, date: 2022-08-30T05:15:07.783