NVD Vulnerability Detail

CVE-2019-17518

Summary	The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock.
Publication Date	Feb. 11, 2020, 6:51 a.m.
Registration Date	Jan. 26, 2021, 11:40 a.m.
Last Update	Nov. 21, 2024, 1:32 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:dialog-semiconductor:software_development_kit::::::::			1.0.14.1081
execution environment
1	cpe:2.3:h:dialog-semiconductor:da14680:-:::::::*
2	cpe:2.3:h:dialog-semiconductor:da14681:-:::::::*
3	cpe:2.3:h:dialog-semiconductor:da14682:-:::::::*
4	cpe:2.3:h:dialog-semiconductor:da14683:-:::::::*

Related information, measures and tools

No	URL	タグ
1	https://asset-group.github.io/disclosures/sweyntooth/	Third Party Advisory
2	https://asset-group.github.io/disclosures/sweyntooth/	Third Party Advisory
3	https://www.dialog-semiconductor.com/ja/products/connectivity/bluetooth-low-energy/smartbond-da14680-and-da14681	Vendor Advisory
4	https://www.dialog-semiconductor.com/ja/products/connectivity/bluetooth-low-energy/smartbond-da14680-and-da14681	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-120	古典的バッファオーバーフロー	https://cwe.mitre.org/data/definitions/120.html

JVN Vulnerability Information

DA1468x デバイス用 Dialog Semiconductor SDK における古典的バッファオーバーフローの脆弱性

Title	DA1468x デバイス用 Dialog Semiconductor SDK における古典的バッファオーバーフローの脆弱性
Summary	DA1468x デバイス用 Dialog Semiconductor SDK には、古典的バッファオーバーフローの脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 12, 2019, midnight
Registration Date	March 2, 2020, 4:09 p.m.
Last Update	March 4, 2020, 1:46 p.m.

Affected System

Dialog Semiconductor

SDK 1.0.14.1081 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2019-17518	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17518
National Vulnerability Database (NVD)
2	CVE-2019-17518	https://nvd.nist.gov/vuln/detail/CVE-2019-17518

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-120	https://cwe.mitre.org/data/definitions/120.html

ベンダー情報

No	Name	URL
Dialog Semiconductor
1	SmartBond DA14680 and DA14681	https://www.dialog-semiconductor.com/ja/products/connectivity/bluetooth-low-energy/smartbond-da14680-and-da14681

その他

No	Name	URL
ICS-CERT ALERT
1	ICS-ALERT-20-063-01	https://www.us-cert.gov/ics/alerts/ics-alert-20-063-01
関連文書
2	Unleashing Mayhem over Bluetooth Low Energy	https://asset-group.github.io/disclosures/sweyntooth/

Change Log

No	Changed Details	Date of change
1	[2020年03月02日] 掲載	March 2, 2020, 4:09 p.m.
2	[2020年03月04日] 参考情報：ICS-CERT ALERT (ICS-ALERT-20-063-01) を追加	March 4, 2020, 12:17 p.m.