CVE-2022-25635

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-6456-fc6c5-1.html Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:realtek:bluetooth_mesh_software_development_kit:*:*:*:*:*:*:*:*
OR cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

01 Sep 2022, 20:41

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-30 05:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-25635

Mitre link : CVE-2022-25635

CVE.ORG link : CVE-2022-25635


JSON object : View

Products Affected

realtek

  • bluetooth_mesh_software_development_kit

google

  • android

linux

  • linux_kernel
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')