PT-2020-10081 · STMicroelectronics · STMicroelectronics BLE Stack

Published: 2020-02-12 · Updated: 2020-02-26 · CVE-2019-19192

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: STMicroelectronics BLE Stack versions through 1.3.1 for STM32WB5x devices

Description: The Bluetooth Low Energy implementation does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets.

Recommendations: For STMicroelectronics BLE Stack versions through 1.3.1, consider disabling the reception of consecutive Attribute Protocol (ATT) requests as a temporary workaround until a patch is available. Restrict access to the Bluetooth Low Energy implementation to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Related Identifiers

CVE-2019-19192

Affected Products

STMicroelectronics BLE Stack