PT-2020-9413 · Cypress · Cypress Wiced Studio

Jan · Published 2020-04-13 · Updated 2020-04-22 · CVE-2019-13916

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Cypress WICED Studio version 6.2
Description: An issue was discovered in Cypress WICED Studio where a Bluetooth Low Energy (BLE) packet is copied into a heap buffer. The allocated buffer is four bytes too small to hold the maximum packet size, allowing an attacker to corrupt a pointer in the linked list holding free buffers. This pointer can be controlled by overflowing with packet data and the packet CRC checksum, potentially resulting in a write-what-where condition.
Recommendations: For Cypress WICED Studio version 6.2, update to BT SDK2.4 or BT SDK2.45 to resolve the issue. As a temporary workaround, consider restricting the reception of BLE packets to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2019-13916

Affected Products

Cypress Wiced Studio