Description
The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet.
References
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
Technical DescriptionThird Party Advisory
https://www.silabs.com/wireless/bluetooth/bluegiga-classic-legacy-modules/device.wt32i-a
ProductVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-09-07T07:15:06.940
3 years agoLast modified
2021-09-20T12:04:53.323
3 years ago