Buffer overflow in BLE-STACK - CVE-2018-16986


Published: November 1, 2018 / Updated: November 2, 2018


Vulnerability identifier: #VU15683
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-16986
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Texas Instruments
Affected software:
BLE-STACK

Detailed vulnerability description

The vulnerability allows a physical attacker (one within BLE radio range) to execute arbitrary code on the target device.

The weakness exists due to a boundary error (CWE-120) in the handling of incoming BLE packets while BLE is turned on and the device is actively scanning. An attacker within radio range, without pairing and without any interaction from the victim, can send specially crafted packets containing malformed BLE frames, trigger memory corruption on the BLE chip and execute arbitrary code. The attacker can then install a backdoor on the chip and gain complete control of the host system. In the case of access points, the attacker can use the compromised AP to spread to other devices on the network, even if segmentation is in place, because the foothold is on the AP itself rather than on a segmented client network.

The vulnerability has been dubbed "BLEEDINGBIT".
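The following is an added illustration of the CWE-120 pattern described above; it is example code written for this page, not TI's BLE-STACK source, and the record layout, the `parse_adv_*` function names and the sample frames are assumptions. A legacy BLE advertising PDU carries a 2-byte header whose second byte holds a 6-bit payload length, followed by a 6-byte advertiser address and up to 31 bytes of advertising data. The vulnerable parser trusts that attacker-controlled length field when copying into a fixed 31-byte buffer; the hardened parser checks it against both the bytes actually received and the buffer's capacity. A canary placed after the buffer shows the overrun without crashing the process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bluetooth 4.x link-layer constants: a legacy advertising PDU is a 2-byte header
 * (PDU type/flags, then a 6-bit payload length), the 6-byte AdvA address, and
 * up to 31 bytes of AdvData. */
#define BLE_PDU_HDR_LEN  2
#define BLE_ADV_ADDR_LEN 6
#define BLE_ADV_DATA_MAX 31

/* Illustrative scan-result record (assumed for this example, not TI's structure).
 * The canary sits right after data[], so an overrun is visible as a non-zero value. */
typedef struct {
    uint8_t  addr[BLE_ADV_ADDR_LEN];
    uint8_t  data_len;
    uint8_t  data[BLE_ADV_DATA_MAX];
    uint32_t canary;
} adv_record_t;

/* Backing storage big enough to absorb the worst case (63 - 6 = 57 bytes of AdvData),
 * so the demonstration stays inside one object instead of smashing the stack. */
typedef union {
    adv_record_t rec;
    uint8_t      raw[128];
} record_slot_t;

/* Vulnerable parser (CWE-120): the 6-bit length from the radio header is used as the
 * memcpy size without checking it against sizeof data[] or against pdu_len. */
int parse_adv_vulnerable(const uint8_t *pdu, size_t pdu_len, adv_record_t *rec)
{
    if (pdu_len < BLE_PDU_HDR_LEN) return -1;
    uint8_t payload_len = pdu[1] & 0x3F;            /* attacker-controlled, 0..63 */
    if (payload_len < BLE_ADV_ADDR_LEN) return -1;
    memcpy(rec->addr, pdu + BLE_PDU_HDR_LEN, BLE_ADV_ADDR_LEN);
    rec->data_len = payload_len - BLE_ADV_ADDR_LEN; /* can reach 57, but data[] holds 31 */
    memcpy(rec->data, pdu + BLE_PDU_HDR_LEN + BLE_ADV_ADDR_LEN, rec->data_len);
    return 0;
}

/* Hardened parser: the length must agree with the bytes actually received (no
 * over-read of the frame) and with the fixed capacity of data[] (no over-write). */
int parse_adv_hardened(const uint8_t *pdu, size_t pdu_len, adv_record_t *rec)
{
    if (pdu_len < BLE_PDU_HDR_LEN) return -1;
    uint8_t payload_len = pdu[1] & 0x3F;
    if (payload_len < BLE_ADV_ADDR_LEN) return -1;
    if ((size_t)payload_len + BLE_PDU_HDR_LEN > pdu_len) return -1;
    if (payload_len - BLE_ADV_ADDR_LEN > BLE_ADV_DATA_MAX) return -1;
    memcpy(rec->addr, pdu + BLE_PDU_HDR_LEN, BLE_ADV_ADDR_LEN);
    rec->data_len = payload_len - BLE_ADV_ADDR_LEN;
    memcpy(rec->data, pdu + BLE_PDU_HDR_LEN + BLE_ADV_ADDR_LEN, rec->data_len);
    return 0;
}

typedef int (*adv_parser_fn)(const uint8_t *, size_t, adv_record_t *);

/* Feeds one PDU to a parser on a zeroed slot. Returns the parser's status and, via
 * *canary_out, the canary afterwards: non-zero means data[] was overrun. */
int feed_pdu(adv_parser_fn parser, const uint8_t *pdu, size_t pdu_len, uint32_t *canary_out)
{
    record_slot_t slot;
    memset(&slot, 0, sizeof slot);
    int rc = parser(pdu, pdu_len, &slot.rec);
    *canary_out = slot.rec.canary;
    return rc;
}

/* Constructed sample frames (not captured traffic). Benign ADV_IND: header 0x00,
 * length 9 = AdvA (6) + one Flags AD structure (3). */
static const uint8_t BENIGN_PDU[] = {
    0x00, 0x09,
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66,   /* AdvA */
    0x02, 0x01, 0x06                      /* AD: len 2, type Flags, value 0x06 */
};

/* Malformed ADV_IND: length field forced to 0x3F (63, the 6-bit maximum) and
 * 57 bytes of 'A' filler after AdvA, so data_len becomes 57 > 31. */
static uint8_t MALFORMED_PDU[BLE_PDU_HDR_LEN + 63];

void build_malformed_pdu(void)
{
    memset(MALFORMED_PDU, 0x41, sizeof MALFORMED_PDU);
    MALFORMED_PDU[0] = 0x00;
    MALFORMED_PDU[1] = 0x3F;
}

int main(void)
{
    uint32_t canary;
    build_malformed_pdu();
    int rc = feed_pdu(parse_adv_vulnerable, MALFORMED_PDU, sizeof MALFORMED_PDU, &canary);
    printf("vulnerable: rc=%d canary=0x%08x\n", rc, canary); /* canary becomes 0x41414141 */
    rc = feed_pdu(parse_adv_hardened, MALFORMED_PDU, sizeof MALFORMED_PDU, &canary);
    printf("hardened:   rc=%d canary=0x%08x\n", rc, canary); /* rejected, canary stays 0 */
    return 0;
}
```

The length check in the hardened version has two halves on purpose: comparing against `pdu_len` stops the parser reading past the frame the radio actually delivered, and comparing against `BLE_ADV_DATA_MAX` stops it writing past the record. A parser that only does one of the two is still exploitable from the other direction.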


How to mitigate CVE-2018-16986

Update BLE-STACK to version 2.2.2 or later. Because the flaw is only reachable while the device is actively scanning, disabling BLE scanning on devices that do not need it reduces exposure until the firmware update can be applied.

Sources