Update description and add Bluetooth SIG reference

2025-06-08 05:58:08 +00:00 · 2019-08-14 10:33:56 -04:00 · 2019-08-14 10:33:56 -04:00 · 782fcb946a
commit 782fcb946a
parent 15247bea84
1 changed files with 9 additions and 4 deletions
--- a/2019/9xxx/CVE-2019-9506.json
+++ b/2019/9xxx/CVE-2019-9506.json
@ -5,7 +5,7 @@
        "DATE_PUBLIC": "2019-08-14",
        "ID": "CVE-2019-9506",
        "STATE": "PUBLIC",
-        "TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key entropy"
+        "TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
    },
    "affects": {
        "vendor": {
@ -46,7 +46,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low entropy in the encryption key negotiation protocol to allow practical brute-force attacks (aka \"KNOB\"). A successful attack can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
+                "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
            }
        ]
    },
@ -97,6 +97,11 @@
                "name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli",
                "refsource": "MISC",
                "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
+			},
+			{
+				"name": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/",
+			    "refsource": "CONFIRM",
+			    "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
 			}
 		]
    },