cvelist/2022/26xxx/CVE-2022-26527.json

{
    "CVE_data_meta": {
        "AKA": "TWCERT/CC",
        "ASSIGNER": "cve@cert.org.tw",
        "DATE_PUBLIC": "2022-08-30T04:01:00.000Z",
        "ID": "CVE-2022-26527",
        "STATE": "PUBLIC",
        "TITLE": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Linux/Android Bluetooth Mesh SDK",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "4.17-4.17-20220127"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Realtek"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets\u2019 reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-120 Buffer Overflow"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html",
                "name": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"
        }
    ],
    "source": {
        "advisory": "TVN-202205002",
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2022-03-10 17:24:25 +00:00			`{`
			`"CVE_data_meta": {`
Add TWCERT/CC CVE-2022-25635 CVE-2022-26527 CVE-2022-26528 CVE-2022-26529 CVE-2022-38116 CVE-2022-38118 2022-08-30 12:21:01 +08:00			`"AKA": "TWCERT/CC",`
			`"ASSIGNER": "cve@cert.org.tw",`
			`"DATE_PUBLIC": "2022-08-30T04:01:00.000Z",`
"-Synchronized-Data." 2022-03-10 17:24:25 +00:00			`"ID": "CVE-2022-26527",`
Add TWCERT/CC CVE-2022-25635 CVE-2022-26527 CVE-2022-26528 CVE-2022-26529 CVE-2022-38116 CVE-2022-38118 2022-08-30 12:21:01 +08:00			`"STATE": "PUBLIC",`
			`"TITLE": "Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow"`
"-Synchronized-Data." 2022-03-10 17:24:25 +00:00			`},`
Add TWCERT/CC CVE-2022-25635 CVE-2022-26527 CVE-2022-26528 CVE-2022-26529 CVE-2022-38116 CVE-2022-38118 2022-08-30 12:21:01 +08:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Linux/Android Bluetooth Mesh SDK",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_value": "4.17-4.17-20220127"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Realtek"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2022-03-10 17:24:25 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-08-30 05:00:39 +00:00			`"value": "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets\u2019 reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service."`
Add TWCERT/CC CVE-2022-25635 CVE-2022-26527 CVE-2022-26528 CVE-2022-26529 CVE-2022-38116 CVE-2022-38118 2022-08-30 12:21:01 +08:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "ADJACENT_NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 6.5,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-120 Buffer Overflow"`
			`}`
			`]`
"-Synchronized-Data." 2022-03-10 17:24:25 +00:00			`}`
			`]`
Add TWCERT/CC CVE-2022-25635 CVE-2022-26527 CVE-2022-26528 CVE-2022-26529 CVE-2022-38116 CVE-2022-38118 2022-08-30 12:21:01 +08:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2022-08-30 05:00:39 +00:00			`"refsource": "MISC",`
			`"url": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html",`
			`"name": "https://www.twcert.org.tw/tw/cp-132-6457-66bc9-1.html"`
Add TWCERT/CC CVE-2022-25635 CVE-2022-26527 CVE-2022-26528 CVE-2022-26529 CVE-2022-38116 CVE-2022-38118 2022-08-30 12:21:01 +08:00			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218"`
			`}`
			`],`
			`"source": {`
			`"advisory": "TVN-202205002",`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2022-03-10 17:24:25 +00:00			`}`
			`}`