### [CVE-2020-15531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15531)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.

### POC

#### Reference
- https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_rce.py
- https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_rce.py
- https://www.youtube.com/watch?v=saoTr1NwdzM
- https://www.youtube.com/watch?v=saoTr1NwdzM

#### Github
- https://github.com/sgxgsx/BlueToolkit