PT-2020-9194 · Cypress · Cypress Wireless IoT

Published: 2020-02-05 · Updated: 2020-04-13 · CVE-2019-11516

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
Cypress Wireless IoT codebase (affected versions not specified)

Description
The Bluetooth component of the Cypress Wireless IoT codebase improperly handles Extended Inquiry Responses (EIRs), causing a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite existing functions with arbitrary code. The Reserved for Future Use (RFU) bits are not discarded by eir_handleRx() and are included in an EIR's length, allowing an attacker to exceed the expected 240 bytes and cause a heap-based buffer overflow in eir_getReceivedEIR(), which is called by bthci_event_SendInquiryResultEvent(). To exploit this bug, an attacker must repeatedly connect to the victim's device in a short amount of time from different source addresses, causing the victim's Bluetooth stack to resolve the device names and allocate buffers with attacker-controlled data, leading to a write-what-where condition.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
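
The length-handling flaw in the Description, shown next to the check a receiver needs. This is an added example, not Cypress firmware code. The advisory does not give the header layout, so the 16-bit header with an 8-bit length and 8 RFU bits, and the names eir_len_unmasked, eir_len_masked, eir_copy_checked and try_frame, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EIR_MAX_LEN  240u    /* expected EIR size stated in the advisory */
#define HDR_LEN_MASK 0x00FFu /* ASSUMED layout: low 8 bits = length,
                                high 8 bits = RFU (not from the page)   */

/* Length as seen when RFU bits are NOT discarded (the flaw described). */
static size_t eir_len_unmasked(uint16_t hdr) { return hdr; }

/* Length with the RFU bits discarded before use. */
static size_t eir_len_masked(uint16_t hdr) { return hdr & HDR_LEN_MASK; }

/* Hypothetical hardened copy: discard RFU, then bound the length against
 * the 240-byte EIR limit and against the bytes actually received.
 * Returns the number of bytes copied, or -1 if the frame is rejected. */
static int eir_copy_checked(uint8_t *dst, uint16_t hdr,
                            const uint8_t *payload, size_t avail)
{
    size_t len = eir_len_masked(hdr);
    if (len > EIR_MAX_LEN || len > avail)
        return -1;
    memcpy(dst, payload, len);
    return (int)len;
}

/* Runs one constructed frame through the checked copy. */
static int try_frame(uint16_t hdr, size_t avail)
{
    static uint8_t dst[EIR_MAX_LEN];
    static const uint8_t payload[255] = {0}; /* constructed sample payload */
    return eir_copy_checked(dst, hdr, payload, avail);
}

int main(void)
{
    /* Constructed header: length 240 with one RFU bit set (0x0100). */
    uint16_t hdr = 0x01F0;
    printf("unmasked=%zu masked=%zu\n",
           eir_len_unmasked(hdr), eir_len_masked(hdr));
    printf("RFU set, len 240 -> %d\n", try_frame(hdr, 240));
    printf("len 241          -> %d\n", try_frame(0x00F1, 255));
    printf("len 16, 8 avail  -> %d\n", try_frame(0x0010, 8));
    return 0;
}
```

Masking alone is not sufficient under this assumed layout: an 8-bit length can still reach 255, so the explicit comparison against 240 is what keeps the copy inside the buffer.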

Memory Corruption


Weakness Enumeration

Related Identifiers: CVE-2019-11516

Affected Products: Cypress Wireless IoT